If you are running Kali Linux how do you have your terminal look like that at 14:08 at the bottom with the colors? Thank you.

@DarkSec I have been stuck on "WARNING: Failed to daemonise. This is quite common and not fatal. Connection refused (111)" Immediately after I try to run the script via the uploads page. On top of that, the port listener is not returning anything? I have changed the port number several times and re-uploaded the .php file and I consistently get this same error. Any ideas?

This was great! Thank you @Dark

I know I am a little behind. Playing catchup. I ran into a couple issues but I was able to fight my way through them and figured it out. Good stuff!! Really enjoying these lessons.

Awesome video Dark! Sucks I had to do it at x0.25 speed due to tryhackme's slow machines haha

These first two THM holiday rooms doesn't give me an indication that it's finished with the confetti and the "Congratulations" message, but it does say 100%. Since it matters for the prize drawings, is there a way to know that it's registering that the rooms have been completed? I couldn't find a place to make a ticket. So I'm posting here.

Very nice small hack-snack! Loved it! Maybe here's a little tip for mac users. On chrome on mac os you can't select a *.jpg.php file and there is no dropdown menu like on windows to select *.* (or I didn't find it), but a way to get through this is to upload a *.jpg file and repeat the request with burp suite in order to change the filename in the request to .jpg.php.

Excellent video though website never uploaded forme tried at different times and different attack boxes and always got same error: 405 - Specified method is invalid for this resource

Thanks for the video Dark!

Cannot get netcat to find the connection, followed all these steps. Any ideas?

you have been really very helpfull....THANK YOU VERY MUCH !!!

Thanks @Dark - as always a pleasure 😊

Did this stop working? Trying to practice but this step will not nmap, page won't load and does not ping

@DarkSec really fun room.

@DarkSec I'm subscribed to tryhackme, but when I deploy the VM it still only gives me an hour time limit.

So, two things. First, after doing everything you did, I can't upload it to the site. No idea why, just doesn't allow me to do so. Second, I tried removing the ".php" which then allowed me to upload. After doing that, I can't run the script due to an error. I assume because I removed the ".php". Edit: I am an idiot.

Hey How can i get a terminal like yours with the ip addresses in the bottom ??

I am greatful for this amazing video and these fun tasks. I've been given the opportunity to start a junior position at our security department this spring and I've made it my thing to complete this calendar and start learning more before then. I really appreciate the work that has been put into these starting assignments. They were easy to understand and felt engaging. They also left this aftertaste of wanting to know more. So yeah, really good!

Have some questions on this: I have my own VB kali machine and i was inserting on my browser the IP of THM. Couldnt bring me the webpage you created therefore i couldnt complete the tanks. The copy .php file did it fairly easily. Any advice for the issuee?

Hi, when i try to listen the port 1234 and i start the php shell in the website doesnt appear nothing, can u help me?

Please How do I copy into my current directory, I am using windows and kali in my VMware

I'm proud of myself. I did it myself. BTW all the work you all put on this is really useful and I think it will help everyone. Thanks :)

hope you cover more stuffs in this channel .

I tried running the script but i got WARNING: Failed to daemonise. This is quite common and not fatal. php_network_getaddresses: getaddrinfo failed: Name or service not known (0)

hi all, i need your help. when i run the command to open netcat by nc -lvnp 443 nothing are going only its listenning on (0.0.0.0). i don't have the tunnel ip or vpn set on that THM only the THM IP and the docker ip are shown.

it doesnt refresh to the upload page for me??????

thanks @dark

Hi! New to this and im trying to learn more, so this content is just awesome! But im so stuck on this one and after hours i cant understand why the site is just printing out my shell.jpg.php in text when im clicking on it and nothing show up in Nc? Maybe somebody can help me. Best regards!

Can someone tell me what to do? Is this step not available if I use openvpn? I am using openvpn on Mac, sudo nc -p 1234 This code doesn't work. nc: missing port with option -l I seem to get an error. php file, you can write the green part at the top of the try hack me website. $port = 1234; When I go to /uploads/ and click on shell.jpeg.php, I get the error WARNING: Failed to daemonise. This is quite common and not fatal. Connection timed out (110)

when i try putting the cp /usr/share/webshells/php/php/reverse-shell.php ./shell.jpeg.php it says cannot start cp /usr/share/webshells/php/php/reverse-shell.php ./shell.jpeg.php no such file or directory

hey Darksec, what laptop or computer do you recommend using a vm on because as soon as I open a web browser on my vm my main machine starts heating up and I hear the fan on loud af. im guessing its using too much ram, even though I've allocated 4gb of ram for the vm.

So I found if you just put ?id= without any id value after it, it will also let you access the uploads page. Not sure if it's an unintential bypass :)

I tried executing the reverse shell script on the server, I got the following error:- PHP Warning: fsockopen(): unable to connect to (Connection refused).

Can you share your tmux script ? :)

Yay I worked through this challenge without watching the video and worked out some of the solution myself, just verifying I had the commands right in the text. Very chuffed with myself. Thanks for the effort you guys are putting in to teach an old dog like me new tricks. Merry Christmas 🎄

.jpeg doesnt work as awnser :(

Love it

Please sir what is different between (A T) gmail.com and @gmail.com

he speak so fast

Who is better? John or Dark We"ll have this answer.......................... Maybe