I love to play the piano, teach, write music, edit videos, learn history, and narrate. So, I combined it all together and this is what happened. :) Subscribe to my channel and be updated when I release new music!
For royalties or other business inquiries, brockrosen@pm.me
Listen to some Brock:
Find my music on: music.apple.com/us/artist/brock-rosen/172450403 open.spotify.com/artist/7ztbr2bTJcX0aIQcuxHZHJ itunes.apple.com/album/id1724732968?ls=1&app=itunes
*****Do you like to paint visceral scenes? Email brockrosen@pm.me for project affiliations!
This was a seriously difficult room, I wanted to say thank you so much for making this 200% amazing video helping all of us to complete it! And thank you for taking the time to provide beginner friendly step by steps and examples, your method of explaining is wonderful & I appreciated it greatly & all the humor as well 🙏😁🙌👍
In the second last and last tasks we need to set the the same payload we used in msfvenom to make the payload in the multi/handler. I think that is the reason for the unstable shell you are getting...
I just wanted to say thank you, I have used your videos quite a bit as I am starting my journey on getting into Pentesting /red hat. your videos are the first I look for to get clear explinations
The pineapple nano was released in 2016, is no longer maintained or supported by Hak5 and can only scan 2.4ghz BUT I am curious as to how you got dark mode 😂 probably in themes?
I don’t know why you stopped creating content, but I wish you the best in your life. You have helped me a lot as a beginner to keep learning and reach a good level. There are many people who explain the courses you taught, but your way of explaining was much better because you considered the beginners' level who were watching the course. Thank you again, and I wish you all the best.
Hi Brock Rosen. can u explaine me please about Bind shell on 1:16:00 fwd. I think u made a reverse shell not a bind shell as the second example should be for Bind shell? Victim Machine: Start the listener: socat TCP-L:443 EXEC:"bash -li" This means the victim is waiting for an incoming connection on port 443 and will provide a Bash shell when connected. Attacker Machine: You connect to the victim: socat TCP:10.10.164.3:443 - This connects your terminal to the victim's Bash shell, allowing you to control the victim. 😉 nice work Brock and hope to see more videos like this!!! You are doing really good work 🙌 Thank you.
During judgement day I am going to recommend your name for salvation. You have saved my time. You are such a humble person and tried to explain in detail. I have subscribed to your channel. Please keep up the good work. THM is frustrating in some way but you have made my life easy.
you did a mistake in task 13 Q4 in the bind shell exploitation !! you gained the attack box shell and not the target machine shell. Thanks for your efforts
Another question for flag3 (I haven't really used burp that much before). I tried to use burp instead of curl in the terminal. When I alter the GET request and add the same directory, the error request i get back just says include(.php). (I've changed it to POST /challenges/chall3.php?file=../../../../etc/flag3%00 in burp
Hello there. I ran into the exact same issue on flag 3. I did a bunch of digging and here is what I found ... (I was using postman not burp). In postman you can see the specific cURL command that the parameters that you set are generating. The postman cURL generated was: curl --location --request POST 'ATTACKBOXIP/challenges/chall3.php?file=../../../../etc/flag3%00' Instead of curl -X POST ATTACKBOXIP/challenges/chall3.php -d 'method=POST&file=../../../../etc/flag3%00' --output - The Key difference is that even though you said you wanted the request to be a POST via burp the URL is what contains the data which is still technically a GET request not a POST request. GET is getting filtered by the server. Using the cURL command line command allowed you to SPECIFICALLY say that you wanted the data to be sent as a POST request and not a GET request in the URL. Is there a way to do this via postman/Burp? Probably, but not as a default setting - I would need to learn more about the client settings for this.
For the challenge (lab2), that we can use the cookie to alter from Guest to admin I got on my own, and the file inclusion after you showed it could be done to the cookie. But could you explain why it is possible to alter the cookie to include the file? What triggers you to try that?
