FYI. Redis is pronounced like the color, not the plant. REDis. As an employee of said company, I can say this with authority.

Not the hero we deserved, but the hero we need, great video Seth Rogen.

Whenever I feel down your videos always motivates me to do more TryHackMe

16:10 You need to escape "&" with "%26" because "&" is query parameter separator

Great video! I am glad to see your walkthroughs for non-standard approaches to solving problems. I always learn something new. That's why I love you John)! Keep it up !!!

Your videos are very informative and helpful, keep up the good work!!

Great video fun to watch and learn from your videos. Thank you John.

Thanks ! always motivate for me

for the bash reverse shell you need to url encode the payload as it contain & and special chars , encode the payload and it will work :) , Good hacking guys.

best... as always you are!

Interesting that you just posted a video on redis. I just came across that in one of the ejpt labs and did some research on it.

Hey John. i was wondering if you came up with a twitch schedule at all? or if theres a certain day or time that you stream. Also, thank you for all the great videos.

Hey john I think that the bash reverse shell at 19:00 did not work because of the special characters used being confused with the HTTP protocol, what you could do is URL encoding, send the request to burp, highlight the payload and do ctrl u to URL encode the payload, that might work

Who is ready for the next tryhackme video

On the part where you were trying to use bash to access the machine though netcat, chances are that the bash method didn't work because the raw '&' in the given command in the browser omnibar is being interpreted as a (GET) parameter separator and so the command ended up being cut up. As a result, 'bash -i>' (just before the first occurring '&') will only be seen with the 'c' GET parameter on the PHP side of things. For it to not be seen as a query separator but rather part of a value, '&' needs to be URI encoded ('%26').

I just did this in NCL recently!

never seen gtfobins. awesome bro.

I wonder feom where does John gets so much of energy. Wish I can know his secret. 🙏 I will start tryhackme and htb from tomorrow and will dedicate lot of time.

Caleb did a great job.

Would love a video on how you set up Kali and especially your terminal! It looks soo good

@john hammond u teached me more than my college did....thanks brother :)

sponsored by my favorite actor, Norman Redis

Ed Sheeran again with an amazing video!

Rustscan is pretty decent, can u do a box completely with pawncat?

This is really cool but how do I learn it myself?

Hey man, do you have any ideas or suggestions regarding pentesteracademy.com?

Nice

John Hammond, have you ever looked at CyberChef?

i was having the same problem with the docker container of rustscan. installing rustscan locally didn't give any issues.

28.00 gimmicks and fun things though, before I dive into dirty_cow and moo-ve into other things 😅 very punny John

pwncat is a pain in the ass to install and get working.. and then the confusion between pwncat and pwncat.. oh man.. and to have to run it in venv pretty much just because the custom paramiko fork that doesn't want to install properly makes it almost unusable.. which is heartbreaking cause I think this thing is amazing.

What would you try if it wouldn't accept php code execution?

i guess next video would be 0day or the market place

When did John switch to Kali?

can we participate in the development of pwncat? Looks fun!

This guy might as well just know everything when it comes to hacking

I see you have switched to kali

A little tip for anyone regarding nmap: You can speed up full-range portscans with the --min-rate= command. E.g.: nmap -sC -sV --min-rate=10000 127.0.0.1

hi John, love your videos. I have a question that I have been wanted to ask you for some time. Like 6 months ago I was on a CTF from the University and they gave us a brute force challenge (CTF is already close :)). The challenge is truly intended to use brute force to get the password of the user admin, no other technique or backdoor. This is the only information available in the challange: Never give out your password to anyone. Don't just use one password. Make password at least 12 characters long. Include number, capital letters and symbols. Don't use dictionary words. Don't post it in plain sight. Consider using a password manager (KeePass, LastPass, etc). Consider using multi-factor authentication. Don't fall for "phishing attacks". Make sure your devices are secure Any recommendations? Hydra would not make for 12 characters passwords

Why not use rustscan since you used it before?

Ippsec already confirmed that -sC is not safe scripts its just the default scripts😊😊😊

Btw there is literally a command in pwncat to fix the stty size that was messing up your command :D

Linux is easy what if the redis in on windows that is challenging

D codo details and corp codo details

do a thm livestream man

It's redis not reedis

Use metasploit for reverse shell

How do I switch back to the local terminal? It says "C-k" but i have no idea what that is. I tried control k too?

I'm early