Thank you, John! This is great content!

6:39 ctf narrative 101 edit: 17:21 best way to tell the viewer to subscribe that I have ever seen.

You're my inspiration John❤

Entering Pamela through a gaping security hole 🤔

@SumanRoy.official

Жыл бұрын

💀👀

@0x7ddf1

Жыл бұрын

W

@anonymousbritishcolumbia

Жыл бұрын

😂

@AdalbertAlexandru

Жыл бұрын

Pamela hole 😮

@DavidCooperDavidCooper

Жыл бұрын

💀😂

great video John. please can you make us a relax video of how you use sublime text.

Dude I am watching your batch tutorial from 11 years ago and you uploaded just a few hours ago! You sound the same!

Awesome content, thanks for sharing.

another awesome video John

A newbie question here, is this PAM like the Linux version of windows' lsass? That was quite the interesting take on how to escalate privileges, great content as always!

Thanks John. Nice :D

Great content as always, never come away from one of your videos without learning something valuable.

@roshanlalsaket8881

9 ай бұрын

@dragonballworld_officialpage1 .

Interesting video JH

Great content 😮

Great video! Awesome topic on privilege escalation + root access on Linux.

@nanyabiznus4738

Жыл бұрын

bruh the video was publish 4 min ago and it is almost 22 min long. and you comment 2 min ago. so you already watch the video in 2 min? did you watch 11 sec content in 1 sec?

@LeeZhiWei8219

Жыл бұрын

I anticipated. John usually makes great videos. So....

@nanyabiznus4738

Жыл бұрын

@@LeeZhiWei8219 I see

@taiquangong9912

Жыл бұрын

Would linpeas be used on a live pentest? Would this be artifacts left on the victims network?

learned a new trick thanks john

Lovely work! Thanks for the tips 🖖🐰🍷

Really nice👍!

This is GOLD!

@74Gee

Жыл бұрын

@Testonmeletegramthecydermentor Joined 13 Jun 2023 - nah

Looks like Networkchuck was not wrong about you, nice content !

@thelostvagabond7830

Жыл бұрын

I agree i didnt know about this man before he appeared on NC'S video he has a very great content

@timk7749

Жыл бұрын

I believe this guy could be the MrRobot

@HTWwpzIuqaObMt

Жыл бұрын

How tf haven't u heard of john 😂

You had ownership of not just the directory but pam_deny, I think if you replace this with pam_permit it could be a vector, given you can change the configs

@randykitchleburger2780

Жыл бұрын

AHHH I JUST GOT TO THE PART, winner winner chicken dinner?

wow good work :)

You’re the man

Yess

hey @John Hammond, FYI the CTF page has some typos. // do you need a team to play?

@_JohnHammond

Жыл бұрын

What are the typos? And no, you can create a team of just one user so you can play solo :)

@terraflops

Жыл бұрын

@@_JohnHammond Typos: Prizes > "These are are solely up to the CTF organizers discretion" Rules > [not a typo like i thought but too many "to" s] "The proper to way to ask for help is to explain what you have tried ...." CTF Game: okay, cool. I might strike the courage to try my newbie skills and see how i do

BRazill!

do you have a crash course for anything

Good video

awsome awsome

great guy

I get that this is contrived, but to call it a “degradation attack” makes it seem like there’s an exploitable weakness in PAM itself. If a web server offers both weak and strong encryption, and you can trick the client into choosing the weak - that’s degradation. If Pamela is so foolish as to change the ownership and permission of system level PAM libraries, that’s entirely on her. The weakness demonstrated is a “misconfiguration”, but only in the loosest sense that she went out of her way to do something dumb.

❤❤

4 mins ago, lets gooo

Yo

Great

This looks like oldschool windows cmd bypass by renaming stickey keys to cmd

wow

Early :3

don't zoooooooooooooooooooooooooooom to much the terminal

ମୋର ଏ hacking facking ଶିଖିବାର ନାହିଁ l କାହିଁକି ଏ ଭିଡ଼ିଓ ଛାଡ଼ୁଛ?

Those attack only work in a environment of virtual machine is not real

@Leseratte

Жыл бұрын

Wrong. This attack will work exactly the same on a physical, real hardware machine.

@seansean7653

Жыл бұрын

@@Leseratte do why he doesn't do it in real time using a real machine.

@randykitchleburger2780

Жыл бұрын

​@@seansean7653 because it's completely pointless.

@visvge4934

Жыл бұрын

@@seansean7653 feel free to list off the functional differences of a virtual machine and a real machine :)

What if i install a distro? Yes? And i setup 2 users? Yes? And i give your user privileges? Yes? And i just make my user able to edit PAM modules? Yes? And i make a video on YT about it? Yes? And people will believe i am a hackerman? Of course, they are morons regardless. In all seriousness, why people make videos like these, it's not like Linux is ran by illiterate people that have no idea what they are doing?

Hail to the Channel, This is the my first being around. I'm not good at cooking at all, hence no sandwiches ;-) Here's my thing about the vid: going into the details of basics and then jumping into pam without any exploration, man I don't know what this was meant to be. I'm not a troll, not mocking around but try to find youtube \( -iname *pam* -o -iname *faillock* \) ns>/dev/null

The password doesn't work

Came from @LiveOverflow.

PAM's a floosey... echo "-:ALL EXCEPT root :ALL" >> /etc/security/access.conf