TryHackMe! Buffer Overflow & Penetration Testing
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: paypal.me/johnhammond010
GitHub: github.com/JohnHammond
Site: www.johnhammond.org
Twitter: / _johnhammond
Comments: 84
Lord Pingu didn't deserve his name to be slandered >:(
@_JohnHammond
4 years ago
NOOT N00T
That room is a fantastic walkthrough for simple buffer overflows. Great job on the vid and to the room creator!
You are just amazing. Thank you for making such worthful videos. I'm learning so much, every day, just lookin' at your tutorials. God bless you John
Happy to see a video on the whole process of executing a buffer overflow exploit. Helps from the programming side to understand more of what needs to be done to make code more secure (evil strings!)
This is a brilliant room John also a brilliant video. Thanks.
Thanks for that great walkthrough and the "Think aloud" approach!! Cheers
Cool man. Learning so much watching your videos
"noot noot!". That penguin is from a kids show I used to watch here in NZ called pingu.
thank you for everything john!!!
Thank you for another great video
This is one of the first I've seen where he actually fills in the readme. Most of them, he makes the readme, and never goes back to it :)
That's so awesome about the room you made, congratulations
@_JohnHammond
3 years ago
Thanks so much! Peak Hill seemed to be well-received!
very cool vid as always :), and can't wait to work on your room :)
Here we go, bring it up John :)
This is pure gold for me!
Great video! Do you have a video that explains all of the scripts/repositories you're using? Thanks!
"now we are papa"
Hey John, love your videos, keep it up. On this particular video, when you perform the netcat for reverseshell, you use 2 commands on your attacking machine to connect to the victim besides setting up the listener (nc -lnvp 12789). Those 2 commands are nc_reverseshell.sh and nc_stabilize.sh. Can you explain where you get those executables and how they apply to this use case? Thanks
buffer overflow part is great
I did the same thing with wget a few days ago lol. Downloading the source instead of raw output.
Nice run through. was a wee bit fast in some locations though to see what you were doing.
How come you're not using "dir" option in gobuster in current version it's necessary i guess... ippsec does use it... i struggled with that few times
Can someone comment what the multi window term is? I like the way John jumps quickly to a split for the ping then closes (what hotkeys are being used?)
What does stabilise shell do?
Soo good!
Can't find it - has the room been removed?
4:36 Lies, i screamed ^^
Tryhackme is great for learning. I used to learn new techniques or new languages only on Udemy, but in my opinion I learn much better on THM as it's quite practical. Without your channel I'd probably never have found that website
10:05 I'm just curious, why is it not the best to take it from the repos ? is it not updated regularly ?
@scheli
4 years ago
Mostly for ubuntu universe packages, it will get no updates at all. He is using xenial, the sqlmap package there is 4 years old :)
@Thmyris
4 years ago
@scheli oof
Peak hill hype !!! I'm choosing not to watch this video (for now) since I will try it myself. If I get stuck, I know where to find all the answers John :)
Can I know what version of Ubuntu you are using now?
whoa whoa whoa. what is this guake and stabilize shell thing you did? I need that so so much. Incoming DM.
More please!
@_JohnHammond
4 years ago
More on the way! Thanks so much for watching!
Even I have the habit of keeping a log/notes/writeup of any ctf or task
Where can I start learning about hacking ? I’m very interested
Does anybody know what software he uses for the Linux terminal? Or is it the default for some distro? Would like to use. Thanks!
@nicolassurfay2585
4 years ago
it's terminator
i also try buffer overflow but it printed out permission denied on $ cat /var/backups/shadow.bak
this room took me 4 hours to complete!!!
Lol that's what I do. Throw my notes on GitHub as a writeup.
you the real mvp :'(
Could you please make a video on what you did at 16:21
Aaand WHAT IS HAPPENING made me laugh lmao
Loved peak hill
@_JohnHammond
4 years ago
Happy to hear that, thanks so much for playing!
Do an easy room for us newbies 😁
This seems super cool/fun to do. Is there a way to go about learning all this? If so, does anyone have any tips/ places I can go to and learn? (I am brand new to this and would need to start from the very beginning)
@Apathy474
1 year ago
What did you end up doing
plz make video for Ignite room !!
Did this one last night and got caught at the same point with the 'hidden' passwd file, looking for a file owned by pingu.
@_JohnHammond
4 years ago
That was tricky! Thanks for watching!
What video recording software do you use?
@_JohnHammond
4 years ago
I use OBS Studio. I should make a tutorial on it soon!
@josephschady1728
4 years ago
John Hammond thank you, pls do! Right now I’m using Kazam but the audio is not the best, that might just be my computer though.
Nice! What's the command at 16:25 ?
@jovangazivoda2033
4 years ago
you can find it on pentestmonkey(dot)net like it's described in [Task 5] (reverse shell for netcat)
John.. john hammond.. ngl the only thing bugging me on this one is the 15% packet drop.
Cade copper??
Was I the only one having an issue cracking the root password? John takes ages (on the video it looks like more than 24 hours, while doing the room I left it for about 20 mins) and hashcat was not starting (I think some issue with the VMware environment). Has someone sorted it out? Any advice for next time? Thanks :)
I want to know how you are using gobuster without dir flag 😅
@ransomware9086
4 years ago
@Shaun he is using an old version or an alias
♥️
4:37 - I did!
also tried your syntax, still same result
Ceqylenjoy ?
great, but would have been even better if you slowed down a bit
Sull emply skills development adr parsin skills tools URL grpoing arrows work.
10:16-10:20 *me, looking at the time left*: hmmmmmmmm
This box whooped my ass. Certainly not easy for me, I was completely lost at the buffer overflow part. Any good tutorial suggestions fellow commenters?
@aidancollins1591
4 years ago
LiveOverflow has a great series on binary exploitation, "Binary Exploitation".
So hard
this is a comment.
DID YOU JUST SAY "WHATEVER THAT IS" TO PINGU'S NAME??? HOW DARE YOU
It's pronounced Ping Goo
Did anyone tell you that you look similar to Harry Potter 😅😅
Help guys i cant think of a good comment
It's better if "Try hack me" does not have hints.