HackTheBox - "Remote" - Umbraco & Windows

  Рет қаралды 81,104

John Hammond

John Hammond

3 жыл бұрын

Hang with our community on Discord! johnhammond.org/discord
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: paypal.me/johnhammond010
GitHub: github.com/JohnHammond
Site: www.johnhammond.org
Twitter: / _johnhammond

Пікірлер: 113
@chemputer
@chemputer 3 жыл бұрын
"All the interesting stuff is seemingly just me." - John Hammond, 2020.
@sovietcat4825
@sovietcat4825 3 жыл бұрын
I am 13 and I learn so much from you!!! Keep it coming!
@fionnlive581
@fionnlive581 3 жыл бұрын
Same :D
@Babakinha
@Babakinha 3 жыл бұрын
Nice :D
@ilyesatmania6510
@ilyesatmania6510 3 жыл бұрын
for a long time i've been scared of touching ctf for the complexity and stuff but for real you are amazing and you opened my apetite for this , so thanx a ton
@jmvr
@jmvr 3 жыл бұрын
I'm happy you're doing these again :) Maybe I can catch the stream
@alexb00t
@alexb00t 3 жыл бұрын
Vibing to the KZfaq premier music a minute before it plays
@grandmaashley
@grandmaashley 3 жыл бұрын
grandma approved
@sumittiwari5385
@sumittiwari5385 2 жыл бұрын
I just love to watch your videos. It's because of you that I got to learn many new stuffs. Thank you very much. Plz keep posting new videos and also do suggest new tools and new methods to tackle situations. Lots of love from India 👍😍❤️
@ichigok2594
@ichigok2594 3 жыл бұрын
Pretty excited to see your approach especially the priv esc part. I did the lazy way of team viewer.
@_JohnHammond
@_JohnHammond 3 жыл бұрын
Ha, I probably did the "lazy way" too. :)
@jorisschepers85
@jorisschepers85 3 жыл бұрын
Very cool box this one. Thanks for the good explanation! Keep doing these.
@PotaytoDestroyer
@PotaytoDestroyer 3 жыл бұрын
This is such a satisfying video to watch ... thank you ...
@ac1d8urn
@ac1d8urn 3 жыл бұрын
Nice walkthru - I missed the Teamviewer/Win-rm stuff when I did this one and escalated with 'Invoke-ServiceAbuse' (after an unplanned KOH with someone else trying to do the same ;-) )
@ronakjoshi5093
@ronakjoshi5093 3 жыл бұрын
again a great video by john..keep up the good work 👍
@WhatNameHere
@WhatNameHere 3 жыл бұрын
Hey John, pretty excited... Love your videos 👍
@alexb00t
@alexb00t 3 жыл бұрын
When you put the playback speed on x2 and can see into the future
@asbestinuS
@asbestinuS 3 жыл бұрын
wow, that's scary. Thank you for the video! Learned a lot from it!
@cscogin22
@cscogin22 3 жыл бұрын
I know you tried zsh at one point, did you not enjoy that shell experience? Another good video big guy, thanks for sharing your experience with the community.
@dunkov1
@dunkov1 Жыл бұрын
Amazing! Thank you John!
@musamfeka5404
@musamfeka5404 3 жыл бұрын
Awesome content by the way...I'm a huge fan!!! kudos!
@tangducbao7309
@tangducbao7309 3 жыл бұрын
Very helpful, 39:48 now I know how can you upload a shell without blocking.
@adamsun4070
@adamsun4070 3 жыл бұрын
amazing skills, thanks for the videos
@fecnomio
@fecnomio 2 жыл бұрын
I've pleaser to watching you hacking stuff, thanks a lot.
@grzegorztlusciak
@grzegorztlusciak 2 жыл бұрын
45:38 It's funny that John didn't realise that when he used DIR, the length was showed automatically :)
@flekfckdbsbxdkfkfk8365
@flekfckdbsbxdkfkfk8365 3 жыл бұрын
Nice Video 👍🏻 Do you work on a virtual Maschine ?
@heshammamdouh4644
@heshammamdouh4644 2 жыл бұрын
Thank you For Awesome videos
@_syedalimurtuza_
@_syedalimurtuza_ 3 жыл бұрын
Pleaseeee bring your videos daily...❤
@bl4nk294
@bl4nk294 3 жыл бұрын
"I know it's just an easy box" he says..
@oliviadrinkwine1411
@oliviadrinkwine1411 3 жыл бұрын
right when you said Acme I knew it was some wild e coyote shenanigans
@jongalloway4104
@jongalloway4104 3 жыл бұрын
Awesome as always!
@ardiansyahrukua3020
@ardiansyahrukua3020 3 жыл бұрын
Great I always lear something new evry watch ur vdio
@tylerwalsh6683
@tylerwalsh6683 3 жыл бұрын
That machine was really fun to play with
@slonkazoid
@slonkazoid 3 жыл бұрын
Little did he know, `cURL` comes with modern windows 10
@WhereAreTheJesusShoes
@WhereAreTheJesusShoes 2 жыл бұрын
Wha keyboard are you using? It sounds really great.
@yonatanbenporat4889
@yonatanbenporat4889 3 жыл бұрын
Hey, I need to understand, if u could run that revsehll from the beggining, so why didnt u go for it? There is a special requaierment to that revshll cuz it looks it is gonna work on any windows pc... Ty very much! Hope you will answer me:)
@somebodysomeone23
@somebodysomeone23 2 жыл бұрын
John. It is pronounced as “umbraco” and “gif” PS: awesome video, as always!
@KaLata123456
@KaLata123456 3 жыл бұрын
John love your video. keep it up. Unfortunately bunch of the machine you have done seems to be retired. Cant find them on the site
@rokyanton3323
@rokyanton3323 3 жыл бұрын
good time! enjoyed
@9y028
@9y028 3 жыл бұрын
I think you couldn't scroll back when enumerating with winpeas, since terminator has a default scroll back history. You could disable that for "infinite" scrollback
@kherkert
@kherkert 3 жыл бұрын
You could have connected via teamviewer if you had the teamviewer id. This id can be obtained from the windows registry if your IIS user was able to access it. Registry path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TeamViewer Key: clientid
@alexpearce3083
@alexpearce3083 3 жыл бұрын
what do you think about parrot os? would you like to do a ctf on this os?
@protocol1212
@protocol1212 2 жыл бұрын
on your video, did you overlooked the gobuster output for "install" giving you a status code of 302? This usually contains juicy information.
@Hitmonkey420
@Hitmonkey420 Жыл бұрын
The redirect was to the umbraco login page
@yppjeevan
@yppjeevan 3 жыл бұрын
Hey brother your videos are awesome!!
@_JohnHammond
@_JohnHammond 3 жыл бұрын
Thanks so much!
@alifareeq228
@alifareeq228 3 жыл бұрын
keep it up love from iraq ♥️
@highfish2823
@highfish2823 2 жыл бұрын
happy funky Friday is funny because Im looking this at a friday
@Hitmonkey420
@Hitmonkey420 Жыл бұрын
Does anyone have a nudge for TypeError: 'NoneType' object is not subscriptable? I used the exploit from the github repo with the requirement.txt file. Used quotes for url like the readme. Probably a connection problem? The script will also complain when there's no args input -a for -c ipconfig or other one worders. Any help would be great
@i_sometimes_leave_comments
@i_sometimes_leave_comments 3 жыл бұрын
9:00 Can you provide a link to that "batman" bash extension? I can't seem to find it.
@mehran5040
@mehran5040 3 жыл бұрын
i found it here github.com/sharkdp/bat
@notelon
@notelon 3 жыл бұрын
Dude i love you
@thegoldengriffin6377
@thegoldengriffin6377 3 жыл бұрын
Do you have any more tips for becoming a specialist in cybersecurity
@chemputer
@chemputer 3 жыл бұрын
Learn. Practice. Learn more. Practice more. Repeat. Edit: maybe throw a shower in there somewhere, that helps as well.
@JCtheMusicMan_
@JCtheMusicMan_ 2 жыл бұрын
When your enumeration skilz become parallel enumeration. New CTF challenge using your microphone to enumerate through all the pronunciation possibilities of your scripting toolz until the interpreter spits out the flag 😁
@ino145
@ino145 3 жыл бұрын
How do you get into a win 10 then with Windows antivirus active? (So wanna hop into my brother's machine, just to see if I can)
@Luxgil
@Luxgil 3 жыл бұрын
You're a beast!
@thowbikdustan6515
@thowbikdustan6515 3 жыл бұрын
hey john, cronos box in HTB is retired now can you do video on that. ?!
@harelr5041
@harelr5041 3 жыл бұрын
John! Are you working on a special Linux distribution or is it just simple ubuntu with tools installed?
@_JohnHammond
@_JohnHammond 3 жыл бұрын
Just a simple Ubuntu installation with tools installed :) Thanks for watching!
@RobinKberg
@RobinKberg 3 жыл бұрын
"KZfaq Algorithm stuff"
@arz8261
@arz8261 3 жыл бұрын
Do you use another terminal like "Terminator" or it's just color scheme extension ?
@chemputer
@chemputer 3 жыл бұрын
He literally says this in the video pretty early on. For the very pretty cat output: github.com/sharkdp/bat There's also this nice list of *very* useful tools to improve it. remysharp.com/2018/08/23/cli-improved He's also using terminator, as you can see up in the top left corner of the terminal, where it says /opt/terminator.
@arz8261
@arz8261 3 жыл бұрын
@@chemputer Tenks
@jbetts977
@jbetts977 3 жыл бұрын
6:00 "The holy words" 😆
@telnobynoyator_6183
@telnobynoyator_6183 3 жыл бұрын
he said holy wars
@SanjayKumar-tv6hu
@SanjayKumar-tv6hu 3 жыл бұрын
I love this video 🤩 😍💖💖💟 please make more this type videos big fan sir from India
@h8handles
@h8handles 3 жыл бұрын
Okay using win-rm i have issues getting the rubey gems file to install....you should do a video on install at least
@phyziks09
@phyziks09 3 жыл бұрын
When you said "GOOGLE MAPS" it closes out of KZfaq and reopened the Google maps app
@cajunchampagne2469
@cajunchampagne2469 2 жыл бұрын
Umbra co um-bra-co, bro.
@rainet482
@rainet482 3 жыл бұрын
how can i join your discord channel i ran $verify but its not working any help???????
@cyberbranch8008
@cyberbranch8008 2 жыл бұрын
On a actual system you Won't be able to use msfvenom or metasploit. How do I do such things John?
@BECSE-SSubiramaniyan
@BECSE-SSubiramaniyan 3 жыл бұрын
Intresting
@kenny-kvibe
@kenny-kvibe 3 жыл бұрын
umbreako, umbraco, hahaha JIF, GIF, made me laugh :)
@samsepi0101
@samsepi0101 3 жыл бұрын
Can you help me with an exploit on windows10 through open port 6881 which is the BitTorrent server open port.
@y.vinitsky6452
@y.vinitsky6452 3 жыл бұрын
Do you follow ippsec? Because this isn't the first time you posted the same htb bix at the same time 😜
@vamsikolati
@vamsikolati 3 жыл бұрын
every Saturday hackthebox retires an old box so there's nothing to follow
@arz8261
@arz8261 3 жыл бұрын
OP
@Ewakaa
@Ewakaa 2 жыл бұрын
Ubuntu or Kali Linux?
@nuridincersaygili
@nuridincersaygili Жыл бұрын
Cool!
@enockherman6148
@enockherman6148 3 жыл бұрын
Bro I love your work but please your too fast. Some explanations needed on some tools used. But Otherwise I love your work. Your a great person
@Pharm8alin
@Pharm8alin 3 жыл бұрын
Nice
@onkarkawathe1369
@onkarkawathe1369 3 жыл бұрын
# Nice, keep it up 👍🤩
@rodneynsubuga6275
@rodneynsubuga6275 3 жыл бұрын
Hey sir what didn;t u use wmic.exe to remote code exexute
@Joshua1_7sc
@Joshua1_7sc 3 жыл бұрын
You didn't even migrate your meterpreter
@stevie1da_
@stevie1da_ 3 жыл бұрын
I think the metasploit exploit failed because the base dir was set wrong
@kuntaldas2843
@kuntaldas2843 3 жыл бұрын
"youtube algorithm"
@ctfspot5691
@ctfspot5691 3 жыл бұрын
Cool.
@sirw369
@sirw369 3 жыл бұрын
0:15 I can relate bro :{ LOL
@LarryTheRoleplayerTM
@LarryTheRoleplayerTM 3 жыл бұрын
12:50 uhhhhh that's not a "quick snapshot"
@R4yan-
@R4yan- 3 жыл бұрын
hey
@gabrielveilleux5935
@gabrielveilleux5935 3 жыл бұрын
ho
@ari_archer
@ari_archer 3 жыл бұрын
19:47 this code is offensive to python
@hamedranaee5641
@hamedranaee5641 Жыл бұрын
you are the exploit bruh !
@bech2342
@bech2342 3 жыл бұрын
do you know ippsec? lol - looks nearly a 1:1 copy of it. 🙊
@Y3llowMustang
@Y3llowMustang 3 жыл бұрын
I watched ippsecs video a few days before and yeah this is basically exactly the same steps he took, disappointing
@johnstreety6682
@johnstreety6682 3 жыл бұрын
I don't think so. ippsec gets crazy with the linux commands
@bryanramadhan5460
@bryanramadhan5460 3 жыл бұрын
Am I the only one here where all the exploits don't go well? I even finished this box with the Burp suite 😑😕
@0x1hey_hacker
@0x1hey_hacker 3 жыл бұрын
花儿都等谢了
@biohackingalchemy7996
@biohackingalchemy7996 Жыл бұрын
My issue with all these CTF's is, rarely does any of that work in a real world pen test, especially when you are given 40 hours to test a network, not just 1 machine. and dirbuster? in 15 years its not come in handy beacuse, REAL COMPANIES DONT USE WORDPRESS lol
@sandra8139
@sandra8139 Жыл бұрын
I have a idea look at my identity there will be a name to give them that Will help you know me from them
@morganpg
@morganpg 3 жыл бұрын
16th comment 1,367th view
@ScreamingElectron
@ScreamingElectron Жыл бұрын
I still trip out on how these are "easy" machines...should be medium at the very least.
@rafaelpuporojas3623
@rafaelpuporojas3623 Ай бұрын
tu fast thats why you dont aprove de cert
@jacobfurnish7450
@jacobfurnish7450 9 ай бұрын
Lol "easy box"
@SB-nd6kn
@SB-nd6kn 2 жыл бұрын
Silly comment for the algoritm
@sasmitbataju
@sasmitbataju 3 жыл бұрын
You're not that good but you can hack teh box
@XninjapwnerX
@XninjapwnerX 3 жыл бұрын
it's pronounced umbraco
@constroyanonymous7830
@constroyanonymous7830 3 жыл бұрын
Hey John can u take a look on WWBuddy at tryhackme ?
@MrMichaelBPedersen
@MrMichaelBPedersen 3 жыл бұрын
*Generic silly comment*
@minerzcollective6755
@minerzcollective6755 3 жыл бұрын
The abstracted theater basally pat because lyric disturbingly preach during a curious blood. ten, nebulous rainbow
Gitlab LFI to RCE - HackTheBox "Laboratory"
1:13:44
John Hammond
Рет қаралды 113 М.
Plundering AWS S3 Buckets - HackTheBox
1:04:04
John Hammond
Рет қаралды 72 М.
skibidi toilet 72 (part 1)
03:06
DaFuq!?Boom!
Рет қаралды 26 МЛН
КТО испугается больше всех?
00:30
Аришнев
Рет қаралды 7 МЛН
Uncovering NETWIRE Malware - Discovery & Deobfuscation
59:46
John Hammond
Рет қаралды 89 М.
FAKE Antivirus? Malware Analysis of Decoy 'kaspersky.exe'
1:28:19
John Hammond
Рет қаралды 269 М.
Bruteforcing MFA & Fail2ban Manipulation - TryHackMe! (Biteme)
44:38
TryHackMe! Bypassing Upload Filters & DirtySock
53:38
John Hammond
Рет қаралды 67 М.
KOVTER Malware Analysis - Fileless Persistence in Registry
1:28:14
John Hammond
Рет қаралды 329 М.
He tried to hack me...
34:15
John Hammond
Рет қаралды 370 М.
HackTheBox - Remote
47:52
IppSec
Рет қаралды 39 М.
Snip3 Crypter/RAT Loader - DcRat MALWARE ANALYSIS
1:42:04
John Hammond
Рет қаралды 486 М.
How the Best Hackers Learn Their Craft
42:46
RSA Conference
Рет қаралды 2,5 МЛН