Thank you, John! This is great content!

Entering Pamela through a gaping security hole 🤔

You're my inspiration John❤

Dude I am watching your batch tutorial from 11 years ago and you uploaded just a few hours ago! You sound the same!

6:39 ctf narrative 101 edit: 17:21 best way to tell the viewer to subscribe that I have ever seen.

great video John. please can you make us a relax video of how you use sublime text.

A newbie question here, is this PAM like the Linux version of windows' lsass? That was quite the interesting take on how to escalate privileges, great content as always!

Great content as always, never come away from one of your videos without learning something valuable.

another awesome video John

Awesome content, thanks for sharing.

Lovely work! Thanks for the tips 🖖🐰🍷

Thanks John. Nice :D

Interesting video JH

Great video! Awesome topic on privilege escalation + root access on Linux.

learned a new trick thanks john

Great content 😮

do you have a crash course for anything

You had ownership of not just the directory but pam_deny, I think if you replace this with pam_permit it could be a vector, given you can change the configs

hey @John Hammond, FYI the CTF page has some typos. // do you need a team to play?

Really nice👍!

This is GOLD!

Looks like Networkchuck was not wrong about you, nice content !

wow good work :)

Yess

BRazill!

You’re the man

Good video

I get that this is contrived, but to call it a “degradation attack” makes it seem like there’s an exploitable weakness in PAM itself. If a web server offers both weak and strong encryption, and you can trick the client into choosing the weak - that’s degradation. If Pamela is so foolish as to change the ownership and permission of system level PAM libraries, that’s entirely on her. The weakness demonstrated is a “misconfiguration”, but only in the loosest sense that she went out of her way to do something dumb.

4 mins ago, lets gooo

awsome awsome

great guy

Yo

This looks like oldschool windows cmd bypass by renaming stickey keys to cmd

❤❤

Early :3

wow

Great

don't zoooooooooooooooooooooooooooom to much the terminal

ମୋର ଏ hacking facking ଶିଖିବାର ନାହିଁ l କାହିଁକି ଏ ଭିଡ଼ିଓ ଛାଡ଼ୁଛ?

Those attack only work in a environment of virtual machine is not real

What if i install a distro? Yes? And i setup 2 users? Yes? And i give your user privileges? Yes? And i just make my user able to edit PAM modules? Yes? And i make a video on YT about it? Yes? And people will believe i am a hackerman? Of course, they are morons regardless. In all seriousness, why people make videos like these, it's not like Linux is ran by illiterate people that have no idea what they are doing?

Hail to the Channel, This is the my first being around. I'm not good at cooking at all, hence no sandwiches ;-) Here's my thing about the vid: going into the details of basics and then jumping into pam without any exploration, man I don't know what this was meant to be. I'm not a troll, not mocking around but try to find youtube \( -iname *pam* -o -iname *faillock* \) ns>/dev/null

Came from @LiveOverflow.

The password doesn't work

PAM's a floosey... echo "-:ALL EXCEPT root :ALL" >> /etc/security/access.conf