TryHackMe! SweetRice Exploit & Stabilizing Shells
Рет қаралды 54,363
4 жыл бұрынIf you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: paypal.me/johnhammond010
GitHub: github.com/JohnHammond
Site: www.johnhammond.org
Twitter: / _johnhammond
@guineapigs2998 4 жыл бұрын
Love how gobuster just chugged along in the background the entire video trying to find more directories/files xD It was on a quest, even if it was no longer needed xD
@_JohnHammond 4 жыл бұрын
It's dangerous to go alone -- take this!
@danauri7186 4 жыл бұрын
why is ginger Seth Rogan teaching me computer security?
@tswdev 4 жыл бұрын
Go for Gun Gamers if you want a buffed up Seth Rogan teaching you about guns and airsoft lol. They even have the same glasses: v=uZMMAXugI7E
@zartech-info 3 жыл бұрын
The voice lol. I knew I recognized it.
@sirw369 4 жыл бұрын
Thanks again for an awesome walkthrough! 💪🏼🙌🏼
@WRWhizard 2 жыл бұрын
Being a newbie I found the hash easy enough after discovering the directories and crawling around through them. Once I was logged in I did realize I'd have to look for exploits and did find several for SweetRice. At that point I had no idea how do do what I figured I needed to do. So, I read a walk through. Saw I needed to do RCE and get a shell. Bailed out. Later watching YTVids and saw this one. Chuckled a bit at how long it took you to find the SQL backup but then you took off like a rabbit and I had a real hard time following the rest. I kind of learned the script trick for stabilizing a shell a few nights ago but will need to do it a bunch to retain it. Well... at least I know I'm not gonna do this all by myself yet. Have to watch, read and learn some more.
@gin263 4 жыл бұрын
I just practice My English listening
@AJXD2 Жыл бұрын
Thanks for these videos. I’m learning programming Right Now and you give me motivation to keep going cause one day I might be like you.
@mi2has 4 жыл бұрын
use of searchsploit and script technique was slick, new tools to learn..cool
@mamtachahal1277 4 жыл бұрын
I love watching those videos, even though I don't understand much
@Vogel42 4 жыл бұрын
11:54 a short way to memorize it is TUNA please: ss -tunapl
@_JohnHammond 4 жыл бұрын
AHAHAH that is awesome. Thanks so much!
@tunatuncer5639 3 жыл бұрын
wow thanks for that
@mattfowler6504 4 жыл бұрын
Great video hope you're doing well don't over work yourself to much!!
@thecaretaker0007 4 жыл бұрын
I have been requesting for your stabilize shell script for a long time. Thanks John.
@gametimewitharyan6665 3 жыл бұрын
Brawl Stars
@thecaretaker0007 3 жыл бұрын
@@gametimewitharyan6665 old logo, I miss it
@gametimewitharyan6665 3 жыл бұрын
@@thecaretaker0007 Ahhh, Old Memories :)
@samfretus3394 4 жыл бұрын
Hey John, I appreciate all your hard work and the content you've been releasing as of late, I am new to the world of pentesting and am learning a great deal from your videos! May I ask what theme you're using for sublime text, I have the default but would love an explanation on how to colour coordinate certain symbols and the like, for a better viewing and typing exp. Cheers man, keep up the great work!
@_JohnHammond 4 жыл бұрын
Very happy to hear that! Thanks so much for watching! I use the `monokai` theme in Sublime Text. If you don't have a file saved with a specific extension and it cannot auto-detect what syntax highlight to use, you can enter Ctrl+Shift+P to enter the Sublime Text prompt and then type in something like "bash" or "python" or "html" to find the option to "Set Syntax Hilighting To" and you can specify what it might highlight the code words with. Hope that helps a bit!
@ElGhadraouiTaha 4 жыл бұрын
man i just love your videos !!!!
@ARZ10198 3 жыл бұрын
Just did this box and found your walkthrough for this later xD
@R4yan- 4 жыл бұрын
i love this kind of videos ! :)
@billgen7663 4 жыл бұрын
Once again awesome content!
@kkhek 4 жыл бұрын
awesome highquality content. keep going like this 👍🏽
@yankeesouth 2 жыл бұрын
I like this video and I am not just typing this to kick in the Al Go Rhythm
@WheYPrOTeiNProductions 4 жыл бұрын
Where i can find these stabilize shell scripts?
@WheYPrOTeiNProductions 4 жыл бұрын
Your channel is the future man ,u rocks... Make a vídeo teaching us how to join in the rooms of TryHackMe without subscribe, the tools that you use most to do the test. And how we use python, because i se u always open 2 tabs, i want to learn how to do that, sorry but i am a newbie but a love to watch your videos and im learn a lot thanks.
@peterarbeitsloser7819 4 жыл бұрын
You have to use a terminal emulator called TERMINATOR. Then search for shortcuts.
@solon7740 4 жыл бұрын
How are you running these stabilize shell scripts etc?
@ARZ10198 3 жыл бұрын
check out his poor man's pentest video
@chiragsharma6215 3 жыл бұрын
How do you bring on your own terminal back to tty (after stty raw -echo)?
@lawia8369 9 ай бұрын
fg %1
@gbravy 3 жыл бұрын
What's this setup that you use? Your main machine or something else? It's not a standard Kali vm. Also, it's a much nicer output when using linpeas
@_JohnHammond 3 жыл бұрын
In this video I'm running Ubuntu installed on my laptop, with the Terminator terminal emulator. Thanks for watching!
@ugwsiliguri 4 жыл бұрын
Ur just awesome
@MCCh3ar 4 жыл бұрын
can someone explain to me what's stabilization shell ?
@yarngoblyn 4 жыл бұрын
I'm only a developer, but maybe the problem could be the timeouts of process calls. PHP for example has a max execution time, after this time the mother process kills this child process. If your remote shell runs in the child process it will die. Other aspects would be the comfort feature of bash initial configs like tabulator autocomplete, bash history and a clean input, output and error pipe. PHP, Python, ... could bending the pipes for the child process and could also die on mishandling these.
@2c0bb61 4 жыл бұрын
I believe it is a remote shell that allows things like autocomplete and command history rather than the basic reverse shell which doesn’t have any special features. This is what I think, I’m not fully sure
@t.i.s.r.oofficial7142 4 жыл бұрын
Guys i want to learn all of this so quickly. How long does it take to learn/study this?
@arminharper510 4 жыл бұрын
Anywhere between a year and 12 years :p
@nero2k619 3 жыл бұрын
After 3 months you should be able to understand basic topics and after a year you should be comfortable with what you doing at decent level. Of course if you willing to spent 5 hours per day studying and practising.
@vira7912 4 жыл бұрын
Hi Brother , in my terminal ever stunk when I input "stty raw -echo " and then ctrl +z ,fg %1 It don't respond back nc -lvnp 9001. how to solve please explain me
@ARZ10198 3 жыл бұрын
when you get a non stabilize shell press ctrl+z on that terminal then on the same terminal "stty raw -echo" then "fg "press enter also if you want clear command to work "export TERM=xterm"
@gwnbw 4 жыл бұрын
Amazing vid though 🚩
@novicetrader555 4 жыл бұрын
🔥🔥
@gwnbw 4 жыл бұрын
14:40 my terminal does weird shit when I try to foreground the session, and getting: "Error opening terminal: unknown. " when trying to modify /etc/copy.sh to get a shell for the root.
@bullybilly4105 Жыл бұрын
same issue
@dannyv12 3 жыл бұрын
Can someone explain me why my terminal crashes in tmux and zsh when i do the CTRL+Z; stty raw -echo fg ?
@_JohnHammond 3 жыл бұрын
In zsh, you will need to combine the two stty raw command and the fg command into just one line, with a semi-colon. So it looks like: stty raw -echo; fg
@dannyv12 3 жыл бұрын
@@_JohnHammond damn your fast :-) thanks for you quick answer. love your vids !
@dannyv12 3 жыл бұрын
@@_JohnHammond I've tested it on the root me box on tryhackme the crash is gone but the shell is not stable I can't copy and I can't see what I'm typing and it doesn't create enters. Even the export XTERM didn't word when I execute reset it worked somehow 😎
@brandodelatorre 4 жыл бұрын
Can anyone explain what stabilizing shell can do? I didn't follow it was so fast HAHAHA
@ARZ10198 3 жыл бұрын
It allows you use auto tab , like if you got a shell and when you try to use up and down arrow key it would show just random character like "[^A" so to avoid it we stabilize shell for our ease of use it is not necessary
@floatingblaze8405 4 жыл бұрын
My question isn't why is there a reverse shell, but why the hell does it point to a class C IP address? I thought THM uses class A networks.
@ingokrispin3482 2 жыл бұрын
Guess the person who built this box had tested in their own network before they pushed it to THM. There are many more boxes with references to internal IPs other than class A ones.
@aiden6343 4 жыл бұрын
no idea what he is talking about but still find it fum to watch
@bidfca5980 4 жыл бұрын
JOHN CAN YOU PLEASE MAKE VIDEOS ABOUT BINARY EXPLOITATION AND ASSEMBLY FOR BEGINNERS? I'VE BEEN STRUGGLING A LOT TO LEARN ABOUT IT. LOVE YOUR VIDS
@gibrael_ 4 жыл бұрын
Dá uma olhadinha em um canal chamado LiveOverflow. Também tô aprendendo Binary Exploitation, lá encontrei um conteúdo excelente! Ele tem uma playlist só de Assembly pra Iniciantes!
@bidfca5980 4 жыл бұрын
@@gibrael_ Opa, vlw pela dica ;)
@szymex73 4 жыл бұрын
.
@biswajitdutta6063 2 жыл бұрын
My comment
@leventgul7690 3 жыл бұрын
cevaplara bakanlar +1
@djebbaranon5892 4 жыл бұрын
I have never found suid binary exploit in real life the only way to esculate your privlege is with Kernel's exploit 😂😂
@moonshadow6224 3 жыл бұрын
where do I find the script John used to stable the shell "stabilize_shell.sh"