Bruteforcing MFA & Fail2ban Manipulation - TryHackMe! (Biteme)

Hey! Lovely video as always. Just wanted to say, the part where the hash of the password has to end in "001" in order to be valid and you've found one to be "abkr". You overworked the code a bit... For example you could have just made a single for loop going from a number 0 to every number to string and just hash that, much easier and way less code to loop through numbers than ascii characters. The one i've found is 5265 with its hash being <3

quicksolution

Fun fact:
Because cryptographic hashes map evenly from all possible inputs to all possible outputs, it doesn't really matter what you're hashing.
You could start at the number zero, take the hash from that and keep incrementing it by 1 until you hit your target hash. (or you could hash a random string/number every time)
Because every hash outcome has the same probability to occur, (and all hashes ending in "001" also have the same probability) you will find your target hash just as quickly.
Note: I converted the number to string here due to readability of the code. More straightforward computationally would be to simply hash bytes and increment those bytes until you hit your target.


import hashlib

i = 0
while True:
m =
if m[-3:] == '001':
print(f'the md5sum of `{i}` is `{m}`')
break
i += 1

amodo

I was able to follow pretty easily up to privilege escalation because of previous knowledge, but even the prev esc part was understandable because of your thorough explanations!
Also loved to see that you actually took the time to code some brute forces (hash, code, and even directories (even though you didn't write the code yourself)). Sometimes it really does take some dirty, boring, and time-consuming work to get somewhere.

DerMichael

Loving the videos, currently studying for a cyber security degree here in the UK and find your videos are helping me pick up additional skills that are useful for my course. Thank you John

rickyjenkins

Just loved the way you teach all of us is very precious... love you john ....!! and thank you for keeping up the good work.

railwireorbit

from @26:38 to @28:30 you could simply just send any 4 digit MFA code and then in dev console right-click The post request from the network tab and select copy -> Copy as cURL.

kolmt

I just started learning with Hack the box and although I understood very little due to my technical knowledge. I enjoyed the video.
I will come back to this video in 6 months time to see if my understanding has improved
Great content!

waqasalikhanrajput

Great video, thanks for the intro to feroxbuster, wasn't familiar with that one.

sam_sheridan

Very very good, John I have often followed your videos, and I must say that you explain all the steps really well. I really liked the Priesc with the service to restart, with the help of the comnado watch.
Really good.

vincenzoprota

How can you not subscribe to this? This is gold.

ahtungdihtung

i love this video mr ham hands ive missed the tryhackme content!! more pls

LapisOnTheMoon

Nice video. Do you do any live boxes like fresh so we can see you stumble around a bit? I like that raw style.

ywtub

I started watching your videos the same way people watch sports, so entertaining and educational! keep it up :D

ITsikkerhet

Your talent in following numbers are so more this one to you got talent .

bhagyalakshmi

19:31 "Umm, and actually I'm gonna do something stupid", with that voice crack xD I actually lol'd on that :D

legionary

Crazy never seen such a brilliant person ☺️

mrnord

I'm watching it in part for all the cool github links and in part for console wizardry, don't want for it to be a full-time job for me but these things are just so cool to watch.

Lodinn

Although I could follow till the end while getting also lost with the playing around python prog stuff it was amazing...great video as always...thanks John

patik

I love how you pop the machine's IP into $IP and then never use $IP again. ;-)

BrknSoul

Man loved the way you explain everyting first ever video keep up the good work. :-)

webtvhd