6:39 ctf narrative 101 edit: 17:21 best way to tell the viewer to subscribe that I have ever seen.

Dude I am watching your batch tutorial from 11 years ago and you uploaded just a few hours ago! You sound the same!

Thank you, John! This is great content!

great video John. please can you make us a relax video of how you use sublime text.

You're my inspiration John❤

Entering Pamela through a gaping security hole 🤔

Great content as always, never come away from one of your videos without learning something valuable.

A newbie question here, is this PAM like the Linux version of windows' lsass? That was quite the interesting take on how to escalate privileges, great content as always!

Awesome content, thanks for sharing.

another awesome video John

Great video! Awesome topic on privilege escalation + root access on Linux.

Thanks John. Nice :D

Looks like Networkchuck was not wrong about you, nice content !

Lovely work! Thanks for the tips 🖖🐰🍷

Interesting video JH

learned a new trick thanks john

Great content 😮

hey @John Hammond, FYI the CTF page has some typos. // do you need a team to play?

You had ownership of not just the directory but pam_deny, I think if you replace this with pam_permit it could be a vector, given you can change the configs

Really nice👍!

do you have a crash course for anything

I get that this is contrived, but to call it a “degradation attack” makes it seem like there’s an exploitable weakness in PAM itself. If a web server offers both weak and strong encryption, and you can trick the client into choosing the weak - that’s degradation. If Pamela is so foolish as to change the ownership and permission of system level PAM libraries, that’s entirely on her. The weakness demonstrated is a “misconfiguration”, but only in the loosest sense that she went out of her way to do something dumb.

Yess

This is GOLD!

wow good work :)

BRazill!

Good video

You’re the man

awsome awsome

great guy

Yo

❤❤

Great

This looks like oldschool windows cmd bypass by renaming stickey keys to cmd

wow

4 mins ago, lets gooo

ମୋର ଏ hacking facking ଶିଖିବାର ନାହିଁ l କାହିଁକି ଏ ଭିଡ଼ିଓ ଛାଡ଼ୁଛ?

don't zoooooooooooooooooooooooooooom to much the terminal

Early :3

Those attack only work in a environment of virtual machine is not real

What if i install a distro? Yes? And i setup 2 users? Yes? And i give your user privileges? Yes? And i just make my user able to edit PAM modules? Yes? And i make a video on YT about it? Yes? And people will believe i am a hackerman? Of course, they are morons regardless. In all seriousness, why people make videos like these, it's not like Linux is ran by illiterate people that have no idea what they are doing?

Hail to the Channel, This is the my first being around. I'm not good at cooking at all, hence no sandwiches ;-) Here's my thing about the vid: going into the details of basics and then jumping into pam without any exploration, man I don't know what this was meant to be. I'm not a troll, not mocking around but try to find youtube \( -iname *pam* -o -iname *faillock* \) ns>/dev/null

Came from @LiveOverflow.

The password doesn't work

PAM's a floosey... echo "-:ALL EXCEPT root :ALL" >> /etc/security/access.conf