Real talk, I learn more from John's videos than I do from any kind of infosec "course". Absolutely brilliant stuff.

*script finishes in a minute* "It has finished in just under a hour." Interpret howerever you like.

Can you make a video where you haven't done a tryhackme box in advance? I like watching you go through the problem solving part instead of just showing how you did it before.

Terminal: [Finished in 56.9 s] Hammond: Finished in just under an hour...

Your vids with your first attempt are my favorite. I enjoy watching you get stumped for a bit and figuring out the next avenue. Thanks for expanding my mind on a regular basis.

Great playlist so far! One of the best learning experiences I've had so far in this field. Everyone else appears to have practiced every box multiple times before streaming. So if we face any issues at all (as they probably did behind screens) we're in the sinker. However, showing the mistakes and the steps to get around or out of any situation is priceless in my opinion. As it shows the method of thinking behind diagnosing what the issue is and what routes you can take to rectify the situation as a professional does. Keep up the great work man!

I so much love the way you explain and how you try several methods. The video is very relatable showing that we are allowed to try and fail and try again.. very very cool specially the Recap in the end. Thanks so much ! 🙏🏻

That was one of my favorite video you did, awesome learned a lot from it, Thank you for sharing

I was doing similar box yesterday and spent the whole day learning the log poisoning technique (even tho got it working at the end but wasn't fully understand why). Only if I watch this video yesterday then I could have save a day worth of researching. Your video are awesome and very informative for beginner/hobbyist . Looking forward to learn more from you :)

@21:00 It removes the whitespace, because in the Python code you have x.strip(), if you remove strip() function you will get the PHP file with whitespaces in it. I also had to do some utf-8 encoding/decoding before sending it to the server (although I think that's not really important i think), and it worked! Thanks for the great content

Loving the videos. Just caught the bug. Loving the fact names that John gives to symbols even more ( '

You could use the php $_GET to curl a reverse shell from your own machine and pipe that to php to get a shell

I know it's an old video, but I've been trying to do this CTF all day. Watching other videos, and reading write-ups on this exact one. I couldn't get anything else working until I found your video. I kept breaking my apache logs like you explained. Anyway, good stuff. Keep it up man.

the big inspirator thxxx jhonn

I like it even more if you don't know the answer right away, seeing you wander in the dark makes me learn a lot.

Dude i am learning so much from you.. Thanks 🙏🙇

awesome content keep up the great work

That thumbnail doe!! 🔥

Amazing video, very entertained, you are a genius, a total code and hacking wizard

Great stuff!

Cant wait

Really Great !!!

Half the time I don’t know what’s going on but its entertaining watching him hack things with such ease

Code execution using the log file and the user agent is mind-blowing! Where the hell do you find those solutions?? I love the way how you "hackers" think outside de box, you are really genius guys!

I love the way this guy navigates thru the OS. I have Ubuntu, Kali and Windows 10. lol Trying to mastering 3 at the sametime.

Love your videos. Love From Bangladesh ❤

I did this room today and had a bumpy ride, then I watched this video and saw you struggle with some of the same things which was kind of nice to be honest 😅

Very cool as always thanks for making this stuff really helps noobs like me :)

I love your Python coding in the Videos

nooo, what happend with the original one, i watched you make it for hours.

Tha was a nice one

Just a quick question because I'm not sure what I'm missing: why not just send the whole file over in one request as base64 instead of sending it as individual lines?

that was epic 😎

Cool thing

I really enjoyed the tutorial and I thought the "mishaps" were actually educational.

16:37 What's the purpose of base64 encoding? You can write text into a file so what's the issue?

that is huge man

This room gave me a hard time

I checkout if it possible on my apache2 server or if is fixed already...that is scary!

Pretty sure the & doesnt get url encoded when you put it in the url which breaks stuff so thats probably why the reverse shell wasnt working

I really wanna learn this but no idea where to start. I once downloaded Kali a long time ago, but yeah, no idea what I was doing. :D I've always been on Win machines also, so don't know any code etc. I know basic. ls, dir, cd.. And is it still safe to install Kali(and probably a vm)

Protip, urlencoding the first payload you tried 'bash ×××××××' works.

Beginner question: Why do you need to base64 encode it and than after you've uploaded it, decode again? Some source why you have to do this ?

Great job. How would you rate the difficulty of this box with the ones on the oscp?

How did you know when it was broken, just because it wasn't receiving the variable?, I make a mistake writing the code for that, but it was difficult to spot it, since it do not say any error, the variable just didn't receive any value so didn't show me anything, it did show me the part of : system(): Cannot execute a blank command in so I thought everything was done right and didn't knew i wrote the code wrong was it the same for you or did it show something for you?, thanks for your tutorials they are nice!

John you don't need to have python. You can also type 'bash -i'

thanks bro ,, but i hope to upload scripts file that related with yours videos .

Wow Good jop 🎉🎉🎉

You're a fucking beast, love it

can you do the skynet room on tryhackme? would be appreciated?

❤🤚

An hour?? A minute looking at your clock

11:50 it may have worked with python, you did (“)” instead of (“”)

That's was hard (for me)

since you have a rce on that box, why not upload any shell source on a text hosting site like pastebin then curl/wget that file to that box xD

this shell doesn't work in pentestbox do you know any way to do it?return the error 101

Why do you prefer Sublime Text over VS Code?

I keep getting a "fatal flaw" error when accessing the access.log. Anyone else?

My guess is that everyone who did the box broke the access.log atleast one time lol

Ok sorry if this question seems very dumb but I'm just trying to learn, would it be possible to use a tool like gobuster to find the "hidden" addresses on the page? instead of manually looking for them?

Wizard

Try perl rev shell

watching this video makes me feel like a hacker, even though i never used linux 🤣

what the hell this is medium difficulty??

'Comment button'

you tried a lot, but the reverse shell upload is not that hard in this machine.

The amount of time someone like John spent on it, the amount of coding involved and techniques used, makes me suspect that this is shouldnt be classified as an "easy" room on THM lol