Ethical Hacking: Bypass Passwords with Linux PAM Degradation Attack
j-h.io/ethicalhacking || Jump into Snyk’s Ethical Hacking 101 Workshop on June 21 at 11am EDT -- it’s FREE! j-h.io/ethicalhacking
AND HEY PLEASE REGISTER AND PLAY NAHAMCON CTF ctf.nahamcon.com
Comments: 67
Thank you, John! This is great content!
6:39 ctf narrative 101 edit: 17:21 best way to tell the viewer to subscribe that I have ever seen.
You're my inspiration John❤
Entering Pamela through a gaping security hole 🤔
@SumanRoy.official
1 year ago
💀👀
@0x7ddf1
1 year ago
W
@anonymousbritishcolumbia
1 year ago
😂
@AdalbertAlexandru
1 year ago
Pamela hole 😮
@DavidCooperDavidCooper
1 year ago
💀😂
great video John. please can you make us a relax video of how you use sublime text.
Dude I am watching your batch tutorial from 11 years ago and you uploaded just a few hours ago! You sound the same!
Awesome content, thanks for sharing.
another awesome video John
A newbie question here, is this PAM like the Linux version of windows' lsass? That was quite the interesting take on how to escalate privileges, great content as always!
Thanks John. Nice :D
Great content as always, never come away from one of your videos without learning something valuable.
@roshanlalsaket8881
9 months ago
@dragonballworld_officialpage1 .
Interesting video JH
Great content 😮
Great video! Awesome topic on privilege escalation + root access on Linux.
@nanyabiznus4738
1 year ago
bruh the video was published 4 min ago and it is almost 22 min long. and you commented 2 min ago. so you already watched the video in 2 min? did you watch 11 sec of content in 1 sec?
@LeeZhiWei8219
1 year ago
I anticipated. John usually makes great videos. So....
@nanyabiznus4738
1 year ago
@@LeeZhiWei8219 I see
@taiquangong9912
1 year ago
Would linpeas be used on a live pentest? Would this be artifacts left on the victim's network?
learned a new trick thanks john
Lovely work! Thanks for the tips 🖖🐰🍷
Really nice👍!
This is GOLD!
@74Gee
1 year ago
@Testonmeletegramthecydermentor Joined 13 Jun 2023 - nah
Looks like Networkchuck was not wrong about you, nice content !
@thelostvagabond7830
1 year ago
I agree, I didn't know about this man before he appeared on NC's video, he has very great content
@timk7749
1 year ago
I believe this guy could be the MrRobot
@HTWwpzIuqaObMt
1 year ago
How tf haven't u heard of john 😂
You had ownership of not just the directory but pam_deny, I think if you replace this with pam_permit it could be a vector, given you can change the configs
@randykitchleburger2780
1 year ago
AHHH I JUST GOT TO THE PART, winner winner chicken dinner?
wow good work :)
You’re the man
Yess
hey @John Hammond, FYI the CTF page has some typos. // do you need a team to play?
@_JohnHammond
1 year ago
What are the typos? And no, you can create a team of just one user so you can play solo :)
@terraflops
1 year ago
@@_JohnHammond Typos: Prizes > "These are are solely up to the CTF organizers discretion" Rules > [not a typo like i thought but too many "to" s] "The proper to way to ask for help is to explain what you have tried ...." CTF Game: okay, cool. I might strike the courage to try my newbie skills and see how i do
BRazill!
do you have a crash course for anything
Good video
awesome awesome
great guy
I get that this is contrived, but to call it a “degradation attack” makes it seem like there’s an exploitable weakness in PAM itself. If a web server offers both weak and strong encryption, and you can trick the client into choosing the weak - that’s degradation. If Pamela is so foolish as to change the ownership and permission of system level PAM libraries, that’s entirely on her. The weakness demonstrated is a “misconfiguration”, but only in the loosest sense that she went out of her way to do something dumb.
❤❤
4 mins ago, lets gooo
Yo
Great
This looks like the old-school Windows cmd bypass by renaming sticky keys to cmd
wow
Early :3
don't zoooooooooooooooooooooooooooom too much the terminal
I don't want to learn this hacking-facking. Why are you putting out this video?
Those attacks only work in an environment of a virtual machine, it is not real
@Leseratte
1 year ago
Wrong. This attack will work exactly the same on a physical, real hardware machine.
@seansean7653
1 year ago
@@Leseratte so why doesn't he do it in real time using a real machine?
@randykitchleburger2780
1 year ago
@@seansean7653 because it's completely pointless.
@visvge4934
1 year ago
@@seansean7653 feel free to list off the functional differences of a virtual machine and a real machine :)
What if i install a distro? Yes? And i setup 2 users? Yes? And i give your user privileges? Yes? And i just make my user able to edit PAM modules? Yes? And i make a video on YT about it? Yes? And people will believe i am a hackerman? Of course, they are morons regardless. In all seriousness, why do people make videos like these, it's not like Linux is run by illiterate people that have no idea what they are doing?
Hail to the Channel, this is my first time being around. I'm not good at cooking at all, hence no sandwiches ;-) Here's my thing about the vid: going into the details of basics and then jumping into pam without any exploration, man I don't know what this was meant to be. I'm not a troll, not mocking around but try to find youtube \( -iname *pam* -o -iname *faillock* \) ns>/dev/null
The password doesn't work
Came from @LiveOverflow.
PAM's a floozy... echo "-:ALL EXCEPT root :ALL" >> /etc/security/access.conf