Liked this box, it has more puzzle-solving rather than actually hunting for vulnarabilities, which is quite a breath of fresh air.

you have no idea how much i'm learning here . Please never stop doing this.

Really enjoyed the dive into the unknown territory at the end. Thank you for all your amazing work John.

That last segment you did is what changes the game for me, and all other aspiring hackers out there :) really appreciate it John !

You are a true king John. Thank you for your efforts to teach us. Hope you get to 1 millions subs soon

Love the deep dive! very educational

That thing with Alice private key- that's why I ALWAYS run "ls -laR /home"

Simple and easy to understand every step well explained thnx for your efforts 😀😀

Awesome walkthrough, all those open ports were messing with me when I first started the room

John not recognizing the Jabberwock poem even AFTER decrypting it was both painful and hysterical. That's probably what I get watching these videos with an arts degree....

Seriously I've been binge watching your videos all day. spamming connections is what lead to the 10600 ban list on my server, I had initially set it to 3 tries max, until I lowered it down to 1 try. the total was around 5000 different IP being blocked (mostly from China/Russia). What really stopped this useless waste of bandwidth was just changing the port for a couple of minutes :) Anyway in my eyes the amount of reasonable attempt you really need to connect to a server is around 1, 2 at most (for critical servers like the one that holds all the pw). That's also how I got banned from my registar :) I fired up a script that would connect back to the tiny VPS I had set up and forgot a character, and sure enough after 4 tries I got kicked off. I really like all the videos I've watched so far, because they really go into details and highlight some of the things that can go wrong in security, but also, most of the issues arise from either easy passwords, or storing the password in plain text on the server, the real juicy parts are random exploitation of an underlying program. So fare I think I'm still secured with my boxes :)

I love these videos. Every time I watch one of your videos I wonder if you know about clipboard managers lol Clipboard history is SO good.

amazing video again had an amazing learning experience you rock man

Great video John, thanks - learnt a lot!

really liked this room and your pwncat thanks for this ❤❤

Nice informative video. Kudos to box Creator.

Scrolling through the Linpeas output isn't so bad (except the 3k ports on this one lol), you stop and explain things when you see them. Gives me idea of what I can look for in the future and what it might mean.

tryhackme videos from you always teached me new things. thanks john

There was more puzzle than hacking for the first 21 mins 😆

I know some script languages and shell commands but never touched Python. Your'e video are so inspiring that i will start to learn some Python language. Wrote already 4 simple scripts to learn a bit about the syntax just for fun. Thanks for the video!

Thanks boss! Great content ;)

Nice Job. Good to see those.

What a beautiful video ❤️

Aaarggh, How can you have never heard of the Jabberwocky. But apart from that - awseome as usual.

I live for that hair

on fire these last 4 days

You could use tac command. It's the reverse of cat. No need to explicitly pipe rev

6:30 yea... we both asking the same questions.

11 hours, cant wait!

love when u ranting!

great man .. jest great

very nice video thanks for share :)

How do you do that prompt --fancy thing in pwncat

@JohnHammond I really like the pwncat deep dive it was nice to see you not just you complete a challange but modify a tool when it did not meet your needs that is what I feel like hacking is at the core! No?

Do you run linux in wsl or do you have it installed as your main OS?

Very excited. I will be in class while watching your video tomorrow lol. I am so far behind on your videos. SUCKS

You're soooo awesome!

heard the intro before i looked at the screen... could've sworn this was seth rogans voice.

6:30 - that's what I thought to myself after trying to run linPeas on a windows machine

6:30 Maybe I'm too high?

12:21 nmap has script for leet speak. is the direction i would have went. maybe the gobbledygook is base64 or something.

Great video... I have to try pwncat ;-) - Some ideas for pwncat : In the old days we run Satan on Unix systems (Worked with SCO,Ultrix and HPUX) Today we run "Lynis" on our Linux systems and pipe to to a mail. It gives alot for fail config info and missing updates. Also look for an old nmap or proftpd server....etc (just ask the package system for versions and find the exploit !)

What’s the config of the pwncat you’re using ?

good Tutorial:)

why not to use binary search in connecting script?

I am at reboot, I want to solve it myself before watching this video but no cluess, can't wait

9:00 you could do this with binary search algorithm

can someones help me. i downloaded pwncat and everything works fine except the privesc command i re downloaded it and it still does't work. is this something i have to add myself or how do i do this?

Cant you just get around the changing password by injecting your ssh key into the .ssh/authorized_keys before rebooting? (30:45)

Are u using ubuntu 16.04 or 20.04 with unity desktop?

This is interesting ....

I see there's a lot of deciphering going on here... Any good recommendations for cryptographic courses?

you're the best

Are you just slaying the content or what, I see you out there trying the hacks like every day now. GG, John your one of my favorite content creates out there I learn how to be more productive && tactful after MAKE INSTALL your content to the /brain.

Nice bro ket it up

You should make long videos It's great

U d best john❤❤ I lost the connection twice to the machine by 1.rebooting with a typo in my reverse shell command 2. Hitting ctrl c on nc shell ( forgot to stabalize)🥺🥺😭 #poorme

Finally with pwncat xD

59 minute video wooooo XD

I've been trying to use pwncat for shells but i doesn't work like it does in this clip, it just gives me a shell that is less stable than netcat. I have it downloaded and also the environment but it doesn't seem to run like this clip

What Linux Os is he using?

Best vid so far. Thanks

"I hope you enjoy this"? Really?? 🙂 I was - freaking - applauded standing 🧍‍♀️ 👏👏👏👏👏👏👏👏👏 Thanks, John! 🤝

They don't teach The Jabberwocky at USCGA?

I would've watched whole stream of you going through this the first time. My opinion is that you create a different channel for streaming these rooms and later use clips from them to create video for this channel.

automate the process with a bsearch

Does anyone else watch him because he sounds like Seth Rogen... no? Just me? Alright..

The discord link says it is invalid

u could have done a binary search to find that mid port way faster editing: ohh you have done that

9224 though, hope you fixed it, although it's not a huge error xD

youtube allgorithm thing! ;-)

vin-ie-ehre

Nice ❤️❤️🌹

Why `cat | rev` instead of `tac `?

Am I the only one that created a python script for the ssh port game ? 😅 Btw thanks to this box I now always do cat /home/*/.ssh/id_rda on each box 😀

StrictKeyHeck...

Can someone help me out am trying to do hackthebox machines and tryhackme using wls2 but am having difficulty when doing web related tasks i can seem to get the ip of machine to work on my Windows host browser

I thought this was gonna involve KVM looking-glass :/ dissapointed to say the least.

Port 9224

Kep*

try monitoring ssh conversations first

:D

find . -not -user alice -ls

Lewis Carroll. Pretty interesting stuff, clearly the nonsense poem. Cmon Hammond go take an English course!

for i in $(seq 9000 100 13000); do ssh -o StrictHostKeyChecking=no -p $i IP ; done ; echo "John Hammond do the best content of security" :)

This was a fun room! Not sure if anyone else had this issue but i was getting the "No matching host key type found. Their offer: ssh-rsa" error message when attempting to SSH to the ports. To get around this I had to add the '-o' switch with 'HostkeyAlogrithms=+ssh-rsa' as the argument so, my working ssh command was: ssh -p 9001 -o HostKeyAlogrithms=+ssh-rsa user@victim.ip hopefully this helps anyone!