Liked this box, it has more puzzle-solving rather than actually hunting for vulnarabilities, which is quite a breath of fresh air.

you have no idea how much i'm learning here . Please never stop doing this.

That thing with Alice private key- that's why I ALWAYS run "ls -laR /home"

Really enjoyed the dive into the unknown territory at the end. Thank you for all your amazing work John.

Love the deep dive! very educational

Awesome walkthrough, all those open ports were messing with me when I first started the room

You are a true king John. Thank you for your efforts to teach us. Hope you get to 1 millions subs soon

That last segment you did is what changes the game for me, and all other aspiring hackers out there :) really appreciate it John !

Great video John, thanks - learnt a lot!

amazing video again had an amazing learning experience you rock man

Simple and easy to understand every step well explained thnx for your efforts 😀😀

Thanks boss! Great content ;)

really liked this room and your pwncat thanks for this ❤❤

Nice Job. Good to see those.

tryhackme videos from you always teached me new things. thanks john

Nice informative video. Kudos to box Creator.

I love these videos. Every time I watch one of your videos I wonder if you know about clipboard managers lol Clipboard history is SO good.

I know some script languages and shell commands but never touched Python. Your'e video are so inspiring that i will start to learn some Python language. Wrote already 4 simple scripts to learn a bit about the syntax just for fun. Thanks for the video!

11 hours, cant wait!

What a beautiful video ❤️

John not recognizing the Jabberwock poem even AFTER decrypting it was both painful and hysterical. That's probably what I get watching these videos with an arts degree....

Seriously I've been binge watching your videos all day. spamming connections is what lead to the 10600 ban list on my server, I had initially set it to 3 tries max, until I lowered it down to 1 try. the total was around 5000 different IP being blocked (mostly from China/Russia). What really stopped this useless waste of bandwidth was just changing the port for a couple of minutes :) Anyway in my eyes the amount of reasonable attempt you really need to connect to a server is around 1, 2 at most (for critical servers like the one that holds all the pw). That's also how I got banned from my registar :) I fired up a script that would connect back to the tiny VPS I had set up and forgot a character, and sure enough after 4 tries I got kicked off. I really like all the videos I've watched so far, because they really go into details and highlight some of the things that can go wrong in security, but also, most of the issues arise from either easy passwords, or storing the password in plain text on the server, the real juicy parts are random exploitation of an underlying program. So fare I think I'm still secured with my boxes :)

Scrolling through the Linpeas output isn't so bad (except the 3k ports on this one lol), you stop and explain things when you see them. Gives me idea of what I can look for in the future and what it might mean.

Aaarggh, How can you have never heard of the Jabberwocky. But apart from that - awseome as usual.

@JohnHammond I really like the pwncat deep dive it was nice to see you not just you complete a challange but modify a tool when it did not meet your needs that is what I feel like hacking is at the core! No?

very nice video thanks for share :)

love when u ranting!

You're soooo awesome!

You could use tac command. It's the reverse of cat. No need to explicitly pipe rev

great man .. jest great

There was more puzzle than hacking for the first 21 mins 😆

Great video... I have to try pwncat ;-) - Some ideas for pwncat : In the old days we run Satan on Unix systems (Worked with SCO,Ultrix and HPUX) Today we run "Lynis" on our Linux systems and pipe to to a mail. It gives alot for fail config info and missing updates. Also look for an old nmap or proftpd server....etc (just ask the package system for versions and find the exploit !)

I live for that hair

on fire these last 4 days

Best vid so far. Thanks

6:30 yea... we both asking the same questions.

Do you run linux in wsl or do you have it installed as your main OS?

good Tutorial:)

heard the intro before i looked at the screen... could've sworn this was seth rogans voice.

U d best john❤❤ I lost the connection twice to the machine by 1.rebooting with a typo in my reverse shell command 2. Hitting ctrl c on nc shell ( forgot to stabalize)🥺🥺😭 #poorme

I am at reboot, I want to solve it myself before watching this video but no cluess, can't wait

This is interesting ....

Are you just slaying the content or what, I see you out there trying the hacks like every day now. GG, John your one of my favorite content creates out there I learn how to be more productive && tactful after MAKE INSTALL your content to the /brain.

you're the best

Finally with pwncat xD

Very excited. I will be in class while watching your video tomorrow lol. I am so far behind on your videos. SUCKS

12:21 nmap has script for leet speak. is the direction i would have went. maybe the gobbledygook is base64 or something.

Are u using ubuntu 16.04 or 20.04 with unity desktop?

You should make long videos It's great

How do you do that prompt --fancy thing in pwncat

Nice bro ket it up

What’s the config of the pwncat you’re using ?

6:30 - that's what I thought to myself after trying to run linPeas on a windows machine

can someones help me. i downloaded pwncat and everything works fine except the privesc command i re downloaded it and it still does't work. is this something i have to add myself or how do i do this?

6:30 Maybe I'm too high?

why not to use binary search in connecting script?

9:00 you could do this with binary search algorithm

59 minute video wooooo XD

I see there's a lot of deciphering going on here... Any good recommendations for cryptographic courses?

They don't teach The Jabberwocky at USCGA?

I would've watched whole stream of you going through this the first time. My opinion is that you create a different channel for streaming these rooms and later use clips from them to create video for this channel.

9224 though, hope you fixed it, although it's not a huge error xD

"I hope you enjoy this"? Really?? 🙂 I was - freaking - applauded standing 🧍‍♀️ 👏👏👏👏👏👏👏👏👏 Thanks, John! 🤝

Nice ❤️❤️🌹

automate the process with a bsearch

Cant you just get around the changing password by injecting your ssh key into the .ssh/authorized_keys before rebooting? (30:45)

I've been trying to use pwncat for shells but i doesn't work like it does in this clip, it just gives me a shell that is less stable than netcat. I have it downloaded and also the environment but it doesn't seem to run like this clip

u could have done a binary search to find that mid port way faster editing: ohh you have done that

The discord link says it is invalid

What Linux Os is he using?

youtube allgorithm thing! ;-)

Am I the only one that created a python script for the ssh port game ? 😅 Btw thanks to this box I now always do cat /home/*/.ssh/id_rda on each box 😀

vin-ie-ehre

Does anyone else watch him because he sounds like Seth Rogen... no? Just me? Alright..

I thought this was gonna involve KVM looking-glass :/ dissapointed to say the least.

Kep*

Port 9224

Can someone help me out am trying to do hackthebox machines and tryhackme using wls2 but am having difficulty when doing web related tasks i can seem to get the ip of machine to work on my Windows host browser

Why `cat | rev` instead of `tac `?

StrictKeyHeck...

:D

try monitoring ssh conversations first

find . -not -user alice -ls

Lewis Carroll. Pretty interesting stuff, clearly the nonsense poem. Cmon Hammond go take an English course!

for i in $(seq 9000 100 13000); do ssh -o StrictHostKeyChecking=no -p $i IP ; done ; echo "John Hammond do the best content of security" :)

This was a fun room! Not sure if anyone else had this issue but i was getting the "No matching host key type found. Their offer: ssh-rsa" error message when attempting to SSH to the ports. To get around this I had to add the '-o' switch with 'HostkeyAlogrithms=+ssh-rsa' as the argument so, my working ssh command was: ssh -p 9001 -o HostKeyAlogrithms=+ssh-rsa user@victim.ip hopefully this helps anyone!