18:00 Using python instead of the recommended tool reminds me those teachers really explains the answer to you rather than tell you that is the answer.
@AliTaqi4 жыл бұрын
I had been struggling to escalate my privileges and you taught me how to do that in such an easy manner. You're amazing. Thank You!
@_JohnHammond4 жыл бұрын
There are a lot of other techniques, but I like this quick win if you have some vector to run a command as root. Thanks so much for watching!
@AliTaqi4 жыл бұрын
@@_JohnHammond Yes. But is there any specific room in THM or any particular book/topic(s) that you'd recommend I study in order to learn more about linux privesc? I've already done commonprivesc on THM.
@vijaykishorea39873 жыл бұрын
@@AliTaqi Did u get any input? , do share if u get any :)
@AliTaqi3 жыл бұрын
@@vijaykishorea3987 would've been amazing, but sadly, no.
@vijaykishorea39873 жыл бұрын
@@AliTaqi I think watching cybermentor's linux privesc course , can help us !!
@sasakanjuh76604 жыл бұрын
I got stuck on the last step, ran out of the ideas, find similar approach to what you used but I didn't know the trick with stty so input gave me a lot of pain, so I eventually gave up :/ Now I can finally complete it! :D Great video, as always! :)
@_JohnHammond4 жыл бұрын
Happy to hear that! Thanks so much! And thanks for watching!
@HEADSPACEnTIMING4 жыл бұрын
I just wanna say, your the only channel I have with notifications turned on. I'm part of a security group but upper management. Basically I get the reports. Iv grown a large interest in how my subordinates conduct their pen testing. Watching you has 1. Impressed me and 2. taught me how my subordinates conduct their pen testing. Kudos with the python script.
@louisjohndoblon29334 жыл бұрын
Just finished Vulnversity. Your python script blew my mind! Got me wanting to ramp up my python skills. Thanks man!
@alexanderb63534 жыл бұрын
John, thank you for such a comprehensive explanation and a fascinating adventure! It's a pleasure to watch your videos, I am really waiting for more your episodes of try hack me!
@_JohnHammond4 жыл бұрын
Appreciate all the kind words, thank you so much!
@muaazahmad26014 жыл бұрын
Just did this box today, it was interesting to see the other ways we can use to address the challenges. Great Video!
@_JohnHammond4 жыл бұрын
Happy to hear that! Thanks for watching!
@bv.hd8833 жыл бұрын
19:10 man did that shit escaladed quickly lolll good stuff!
@enpassant73583 жыл бұрын
A half hour video and I will be spending hours taking notes. I really enjoy learning from you. Thanks.
@alexcondos98974 жыл бұрын
It really helps when you have a solid understanding of networking, programming & basic linux fundamentals. I'm pretty sure a couple years ago i would of shat bricks and thought you were gandalf, even though you are basically gandalf, thank you
@kenthn53964 жыл бұрын
I actually enjoyed these videos even though I'm just a newbie in this field. I look forward to seeing more of these!
@bitcode_4 жыл бұрын
get on TryHackMe, there are a lot of free rooms :)
@martijnkooij-nl4 жыл бұрын
Thanks John! Been watching your videos for a month or so now and with a little help in that last bit (stabilizing the shell and actually running the service using systemctl) I just finished my first TryHackMe room. Sweet Victory!
@hadesregret75824 жыл бұрын
Definitely liked watching you do some "dirty coding" in python. And the "bash -p" trick was super clever, I never would have thought of that.
@_JohnHammond4 жыл бұрын
Happy to hear that, thanks so much! And thanks for watching!
@alexcolley205 Жыл бұрын
What does bash -p do?
@nyleen4 жыл бұрын
Doing the youtube algorithm thing. Tho I actually came for the video.
@_JohnHammond4 жыл бұрын
Thank you so much! And thanks for watching!
@briantech853 жыл бұрын
John, you are doing amazing job by creating these handholding sessions for Cyber Security professionals !! Many thanks to you. Keep up the great work!!
@sirw3694 жыл бұрын
Bro, thank you very much for this detailed walk through. I just finished a homework with a privilege escalation exercise. This solidified everything I did and more. Keep the great content coming!
@psp.youtube4 жыл бұрын
This is the best YT channel, hands down.
@_JohnHammond4 жыл бұрын
Well I am very flattered, thank you so much! And thanks for watching!
@karangadhave90023 жыл бұрын
Hey, man! Thanks for explaining that python script, I would rather use python as well as it also helps to keep touch with the language or else we tend to forget things. These niche things like slapping the python script and explaining it makes me wanna watch these videos... Keep it up.. learning a lot
@TheDarkopsis4 жыл бұрын
Hmm thank god the youtube algorirthm showed your channel, I'm a web dev and i wasn't that interested in cyber security but you got me hooked ! Please continue on the TryHackMe site as it is very well made and really accessible, even to n00bs like me !
@babakaghayev56303 ай бұрын
Thanks man! I'm loving the energy!
@reda46324 жыл бұрын
Just did the box yesterday , glad to see other way to get the allowed extension
@_JohnHammond4 жыл бұрын
Just a quick little Python script -- saves us from dealing with BurpSuite a bit ahaha. Thanks so much for watching!
@TheNotoriousFonzy3 жыл бұрын
THANK YOU I WAS STUCK AND THIS HELPED ME SO MUCH!!! Your explanations and everything were clear, concise, and super helpful. A+ Thank you!!!
@franklinodom42593 жыл бұрын
I was struggling with burp, got to learn python and it was so much easier. Of course with your code :P baby steps...baby steps.... thanks man im hooked on your vids.
@sayondutta35304 жыл бұрын
After watching this video , I am a great fan of you and want to become like you .
@crazy3388662 жыл бұрын
Thank you so much for the walkthrough. I was struggling so much with the systemctl step. I didn't realize I needed to stabilize the shell to make the GTFO script to work.
@leesugden95553 жыл бұрын
Really hand trick i didn't know about stabilising the shell using Python will be sure to use that a lot more often. Completed the room before watching your video as i like to do them without help. Awesome content regardless, I learn a lot from the way you think thanks for sharing :)
@SmashPhysical3 жыл бұрын
Thanks for this, I had waited to finish the room before I watched this, and find your approach very helpful and instructive, especially replacing burp with a python script!
@jasonrobinson66202 жыл бұрын
So I have absolutely no idea what you’re doing, but it’s presented in such a way that I feel like I do. Either way, thoroughly enjoyable!
@Ayahalom1234 жыл бұрын
dude you are so humble, I just love your videos and personallity!
@_JohnHammond4 жыл бұрын
Appreciate that, thank you so much! And thanks for watching!
@ricardobrito68683 жыл бұрын
So much knowledge in this video... Learnt a lot!
@markfuentes36662 жыл бұрын
Loved the alternative ways you showed us. Thanks as always
@Jan_Seidel3 жыл бұрын
I love it when you take some detours and present showcases in python :)
@ImpulseMarkets4 жыл бұрын
I loved the shoutout to Ippsec lol. Great channel man!
@_JohnHammond4 жыл бұрын
Thanks so much! And thanks for watching!
@thewolf-ps1qz4 жыл бұрын
this is amazing to watch, even i don't understand any of this (actually a bit), but its interesting to watch, seriously i never skip the vid xD
@neilthomas50264 жыл бұрын
Thanks for your videos man !! They are actually educational and like it makes sense so like thanks man ♥️♥️
@r82gf61ndp4 жыл бұрын
Perfect Technique John, thanks for your sharing. Love your clear explanation I am new in OSCP. Those skill helps me a lot.
@Vannelle13374 жыл бұрын
Watching your video and actually understanding keeps me smiling. Thanks for the great explanation!
@graiglarsen31963 жыл бұрын
Thanks John, I really liked that method you showed to get a fully functioning reverse shell. I look forward to trying it out.
@djzio2 жыл бұрын
John, the last 3 or 4 minutes of that video, I could swear you melted a few keys!
@abbasleaders52142 жыл бұрын
wow, that was a beautiful walk through and a top $ explanation as I was having an issue understanding the last part about systmctl privesc part but you made it so much easy and the python script is top pro man, as burp didn't work as it showed all .php files as status 200 including the .phtml., where your script nailed it 100%.
@freeman18844 жыл бұрын
It feels great to find that I can understand more of what you are doing lately!
@_JohnHammond4 жыл бұрын
Ahaha excellent! Thanks so much for watching!
@wackyskullgaming67114 жыл бұрын
nice explanation, got here bcuz been stuck on that privesc part for several hours, got to learn something new, thanks
@enpassant73583 жыл бұрын
Watching you code the Python script was super helpful. Thank you!
@zacktzeng85692 жыл бұрын
Awesome video John! There was one thing I didn't quite understand, what did changing the ExecStart line do at the end? How come keeping the line the way it was wouldn't work?
@th3mant0th3g0d4 жыл бұрын
Hey John! Thanks for the video. At around 19:29, you said "Ctrl Z to foreground that" but it looked more like you were sending the NC php shell to the background instead, especially since you sent it back to foreground after you did "stty raw -echo". Did you mean background and you said foreground by accident?
@fusca14tube4 жыл бұрын
After CTRL-Z and "stty raw -echo" command, what keys brings the process in backgroud active? CTRL-C? Tks.
@fusca14tube4 жыл бұрын
Ummm... I think this could help: blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/
@myinamei88843 жыл бұрын
He put the process in the background with CTRL+Z then 'stty raw -echo', then to pull the process back up he used 'fg (process id)' to see your process id for the command you put in the background type 'bg' that will give you a job list, then use 'fg (enter job list number)' to pull the process back up to the front. That is what I did, probably a better way but yeah.
@ripmeep4 жыл бұрын
Did this box like an hour before watching this! Awesome video
@scottym502 жыл бұрын
Great video, thank you. I learned a lot from you.
@mdgaziur0013 жыл бұрын
Tried at yesterday for the first time. Followed the same process untill I found systemctl. First tried to do prevesc using setuid but couldn't bcz I'm a massive noob. But then I exploited the vulnerability where systemctl can run process as any user to run bash as root and pipe it to my tun0. Then used netcat to reverse shell. But now I know where I did mistake while trying setuid stuff. THANK YOU.
@gitgudsec Жыл бұрын
Hey John, thanks so much for this walk-through - awesome as always. I'm just wondering what was the though-process underpinning editing the standard script from GTFObins? I was able to do the whole machine blind until this part, and got stuck there for a good hour or so. very grateful for your insight but I feel like I cheated a bit by just copying your actions w/o understanding really what went into those edits. Thanks!
@karthibalaji38174 жыл бұрын
Congrats to hit 100k in very advance !.
@aimsx3 жыл бұрын
Loved the Python script instead of BurpSuite - thanks for showing us that little trick!
@aldiyark15934 жыл бұрын
pressed Like button four times, this is how much i liked your video)
@jonahhex12954 жыл бұрын
AWESOME, i loved the python script, very instructive as always , thanks pal !!!
@_JohnHammond4 жыл бұрын
Happy to hear that! Thanks so much for watching!
@simba7161 Жыл бұрын
28:08 "...press the dislike button twice to let me know how much you hated it" lmao
@LegacyInBlood4 жыл бұрын
Love it! Please do more of these
@forhadhossain89133 жыл бұрын
You are amazing bro!
@garrettblackard22884 жыл бұрын
Really enjoyed that python scripting I would love to see more challenges solved that way. Been wanting more coding projects and tasks, thanks m8!
@_JohnHammond4 жыл бұрын
Very happy to hear that! Thanks for watching!
@garrettblackard22884 жыл бұрын
@@_JohnHammond having an issue with the SUID priv esc it doesnt do anything just goes black but idk going to keep cracking away at it i guess
@garrettblackard22884 жыл бұрын
@@_JohnHammond haha ignore me i had to actually start the service created in tmp folder for some strange reason just got it hopefully as time goes on tryhackme will be less buggy i submitted a correct flag yesterday 5 times and did not get the correct flag indicator until number 5 after refreshing LULz
@Ziomekpionek4 жыл бұрын
Great stuff! Appreciate that you are adding some extra hints which i did't get in writeups, same for python. I noticed you are not closing files stream in for loop where you are checking different extensions upload. During scripting very often I don’t bother also :P but as we know as good practice we can use context managers like with statement or, f.close(). This is not the case here - but I just wonder does such unclose files may be some kind of vulnerability? Did you came across on that during challenges?
@IvarsRuza4 жыл бұрын
I would use command: lsof -nP | grep -i listen -> to check which user is running on port 3333
@_JohnHammond4 жыл бұрын
Ooooh, good call! Thanks for sharing -- and thanks for watching!
@HappyGick4 жыл бұрын
I decided to just check the /home/ directory. It shows all users, and pretty much anyone has access to that directory
@m8_9814 жыл бұрын
@Peter Lustig why?
@ghosthookcc20504 жыл бұрын
@Peter Lustig how is he a script kiddy? This is far from saying "i can hack your bank account" while sitting in cmd. He thinks in a logical way and even creates his own little python scripts to solve problems, not a script kiddy if you ask me.
@davidleitman3 жыл бұрын
many thanks to you John for the embedded python lesson
@asdadassdaasdsaasdsd84603 жыл бұрын
For basic and amateurs . I like it
@ocortesl3 жыл бұрын
Thanks for the video!
@b4ldor2433 жыл бұрын
Gracias bro!, aprendí mucho
@Phenix_Pitts4 жыл бұрын
Thank you for the content! I just got into cybersecurity. I can't wait to see more. -Cheers
@enpassant73583 жыл бұрын
I've been using Linux in some capacity since 1998 and this is the first I've truly understood SUID.
@rake94624 жыл бұрын
awesome video 👍
@_JohnHammond4 жыл бұрын
Thank you! And thanks for watching!
@shreyastr99344 жыл бұрын
@JohnHammond I ve been following you sir for a very long time.. thank you for all the amazing help ur content has done not only to me but to so many..!!! you are just amazing at what you do.. and i wish this channel reaches over a million soon.so more people can benefit from your knowledge...!!! and also can you tell me how can i learn python specifically for cybersec.. i have good basics of python.. but cant script or understand exploits..can u help me where i can learn from.. thanks a lot..!!!!!!!
@Klausi-uq4xq4 жыл бұрын
Thank you for the bin/bash hint!!!
@DavidWarrington4 жыл бұрын
I came for John's haircut... And was not disappointed.
@_JohnHammond4 жыл бұрын
Ha! Thanks! And thanks for watching!
@greob4 жыл бұрын
I enjoyed watching this. Thanks.
@_JohnHammond4 жыл бұрын
Happy to hear that! Thank you!
@daanbreur4 жыл бұрын
I finnally learned how to do priv escalation, Im never able to pull it off but now you learned it me
@_JohnHammond4 жыл бұрын
That is good to hear! Thanks so much!
@daanbreur4 жыл бұрын
@@_JohnHammond your welcome
@emilioastier3 жыл бұрын
thank you for the video, really interesting and valuable
@Ms.Robot.4 жыл бұрын
💗I like your hairstyle too 💗
@johnwick17082 жыл бұрын
Hello John, it's been a while since that video but why does /bin/systemctl seems a little bit odd as you said?
@rishabhsingh36104 жыл бұрын
Lol I just did this room! I actually uploaded a . service file and used systemctl to start a reverse shell as root but your methods seem so much more efficient! Just one question: what were those commands you used to make the first shell more stable?
@docmalitt4 жыл бұрын
Well, when in Rome, smash the stack... wait, what? Sorry, wrong youtuber.... 👋 John. Welcome. Did u have time to unwind after VirSecCon? Amazing job. Thank you from the bottom of my heart. Sure the sentiment is worldwide but most of your followers are using this evening (official beginning of the extended Marvel Universe weekend! Wait, what? Not Marvel? Sorry wrong weeke... 🥳) to catch up with the mentioned CTF and other beautiful challenges. And since I cheated last challenge (privesc) in Vulniversity I’ll just download this video and retreat to my den... Nice, John, nice 👍...
@_JohnHammond4 жыл бұрын
I'm still a little foggy after VirSecCon, admittedly, ahaha... but planning for the next one! I've been brainstorming a lot of challenge ideas so hopefully I can keep sharing a CTF event in the future. Thanks so much for playing! And thanks so much for watching!!
@committedcoder33524 жыл бұрын
Kinda lost me at the end, with the suid part, particularly with running the bin/bash -p, but very cool nonetheless
@saviofernandes52634 жыл бұрын
Me too, but after doing a little reading up on suid, it seemed simple.
@gaminggolfer11994 жыл бұрын
So I have a question / comment. One thing you didn't show since you didn't use burpsuite is how you would find the /internal/uploads folder. It's nice that the THM site provided that for you in it's hints section, but if this were a blank box without that hint, using your python script how would you have been able to tell where the .phtml file uploaded to to be able to run it? What tool, other than burp, would you have used to find where your reverse shell landed?
@SinanAkkoyun4 жыл бұрын
Why nano -> vim alias XD
@synack21653 жыл бұрын
Great videos as always. Only thing I could not get to work was the very last part. Copy & Pasting the code for systemctl. I did everything 3 times exactly as you did and every time I could not get it to get me root for whatever reason. I spent a couple hours banging my head and still couldn't get it to work. Lost for answers. Any ideas? I made sure that I had change to /home/bill dir before I copy&pasted. No idea. Thanks for making the videos!!
@jasonfmj56212 жыл бұрын
same issue here, were you able to resolve it?
@wardellcastles3 жыл бұрын
After you entered "stty raw -echo" what was your next step? It sounded like "specify fg"
@gscodeseeker4 жыл бұрын
Quick question, why did you check the body response rather than the HTTP response code in your python script? For example checking if the response was 200 or something else, I'd imagine it would return a 401 if it didn't allow the extension.
@jos15323 жыл бұрын
Oh man Thnks so much
@KaLata1234563 жыл бұрын
Gotta love that python demo ...
@mushtakhussain90173 жыл бұрын
Damn you're so inspiring
@bhushandaware91864 жыл бұрын
thanks sir
@DeKiesel Жыл бұрын
"I ended up aliasing nano to vim".... I am speechless...
@chiranjit95294 жыл бұрын
Nice video man! 😄
@_JohnHammond4 жыл бұрын
Thanks so much! And thanks for watching!
@stefandemerov84234 жыл бұрын
John, please explain what you did at 19:17, I was able to replicate it, but I don't get it.
@GodBurstPk2 жыл бұрын
Probably this is allowed havent touched python in a while but why not something like [f"php{i}" for i in range(1, 10)]+[...aditionals] This would "support" future versions if x function hasn't changed, easier to add multi support for additional list items also.
@henrythierry1794 жыл бұрын
Your hair cut's great
@voyageur10162 жыл бұрын
thanks bro
@chrisr47153 жыл бұрын
LIKED!
@mikeship73313 жыл бұрын
Method question… when you find a file upload page is your first thought always a php reverse shell? And what drives the thought process? Thanks!
@bangxwazan92752 жыл бұрын
thanks alot
@abadvibesguy22322 жыл бұрын
I've spent like hour and a half on this and have no idea how to escalate privileges and finish last question ,but seeing this I'm sure I can quit lol ,those python skills blew my mind ,but that shell tehnique ,w.e it was ,to go from "unstable" one to the other ,that killed me ,aight ,I'm out :D
@trapenoone69044 жыл бұрын
Can you make video about how to make python scripts to do penetration testing and web application, it's really cool to be able to code on the fly without relying on Burp Suite.
@shikamsmuru15744 жыл бұрын
I LOVE how you zoom in on everything! It helps a lot. A little thing that lots of content creators forget about which makes it very hard to read sometimes. You are an awesome dude! Also haha clever 'click the dislike button twice' :D it's gonna leave the dislike unclicked :D
@rcs27493 жыл бұрын
Could not catch what you did to get your curser back once you used stty raw -echo
@kalelsoffspring4 жыл бұрын
Is there any reason why you actually renamed the file? Couldn't you just provide the original file, with .php extension every time? I don't see the point in physically moving the file around...