TryHackMe! Exploiting Nagios XI - NAX

So so so happy you're doing one of these again! Loving the tools you're building and expanding, but these videos just hit different!

liamlouw

Every time I look one of your videos, I learn something cool from you!! thanks man, here you got a big fan!

jhonycash

Great content as always, thanks for making this!

Although I get your "obsession" to automate everything, I found the atomic number of each element using the Interactive Fishersci table online, and then converted into ASCII using the handy converter from onlinetools, as I always lean on the simpler side of things. But it was great learning about the periodictable module, I have never seen it before!

Getting an initial foothold on this room felt more like a treasure hunt, but it is always great to learn new things like the Piet language which also I have never heard before!

Keep it up!

xx

i love it when you recreate such descriptive videos... well done

fabiancostamoling

This video is going to help me in my upcoming practical exams machine solving🙂
Thank you for posting great content keep it up👌

shubhamdwivedi

Very informative :) that piet thingy is very complex

MrPaddy

Great instructional video! found your channel after the Defcon talk :D

nexenti

The vars() trick is so neat!! thanks John <3

dgkiller

The reason why you pronounce Piet as 'peet' is because this is a reference to Piet Mondrian who is a Dutch painter. This is how you proniounce his first name. Also thank you for the video, this is really interesting and I had no idea that his art has had influence in computers, strange world we live in!

JvGenderen

"ASS...nice John :))" i laughed so hard. Thanks for sharing the knowledge. You are the reason i joined TryHackMe and this year i am planing on taking the eJPT, again because of your review and honest opinion.

tataglontz

Second, happy to see you back on Tryhackme.

tecnolinux

26:26 is the best part, better than the root part obviously :)

rakenso

thanks for all of these videos
John please don't forget to cover win32 simple stack overflow please i m beging you .. 🙏🙏🙏

djebbaranon

I really love your try hack me videos 😍

prasadbroo

I have written a python script which exploits the Nagios xi exploit, It checks if the Nagios version is vulnerable or not, if vulnerable it then uploads a PHP payload and then check for a privilege escalation vector, if a privilege escalation vector is found, it will exploit that also, it can give the user a low privilege shell if needed or root shell if needed, the script will do everything for you guys, right from connecting and creating a web server and starting a Netcat listener and catching the connection back.


@johnhammond I'd love if you can review the script as you are too good at python

Comments and Feedback are welcome :)

ruthvikvegunta

Cicada periodic table is very intresting

arjunpeter

Angry dutchman here, Piet is the Dutch version of Pete. It's pronounced roughly the same

cl

Very excited. Can't wait. It's like going to see StarWars at midnight. did that once, never again. John, you're worth it. How is who's on FIRST, and what's on SECOND doing?

CybrJames

You can add -t 70 to increase the number of theards used by gobuster.
This really decreases its time of completion.

snipeSec

Awesome video, the starting page part was really insightful!

Why not run gimp PI3T.png in the terminal though 😭😭

lordmummie