Hacking Windows! – Arctic | Walkthrough (HackTheBox)

Back with another video – this time we hack into a Windows server running Adobe Cold Fusion!

I demonstrate and explain the following hacking techniques:

  • Nmap for port scanning
  • Connecting to non-standard HTTP ports
  • Searchsploit for vulnerability research
  • Python to steal the admin password hash
  • John the Ripper to crack the hash
  • Msfvenom for creating a custom java payload
  • Abusing “scheduled tasks” to upload a shell
  • Finally, using a kernel exploit to upgrade my shell to NT Authority/System and pwning the machine!


Upcoming Preaching Dates

Hi everyone –

Although I am no longer in pastoral ministry, I still love teaching the Bible and pointing people to Jesus. Right now I do this through leading a weekly Bible Study, serving on the leadership team of The Rescue Church, helping with the children’s ministry at the United Church of Garretson (where we are members), and doing pulpit supply occasionally.

I’ll have the opportunity to preach at the United Church of Garretson in April and The Rescue Church in May. Specific dates are below — if you live in the area, I’d be honored to have you join me!

  • Sunday, April 24th – United Church of Garretson (10:30am service)
  • Sunday, May 22nd – The Rescue Church (10:00am service)

TryHackMe! – RootMe | Walkthrough (Hands-on Hacking!)

Another hands-on hacking video I just released today!

This time we hack the RootMe computer on TryHackMe. I demonstrate the following strategies:

– Using nmap to scan the machine for open ports
– Using dirb and ffuf for directory enumeration
– Bypassing a .php upload restriction
– Using .php to set up a reverse shell for initial access to the machine
– Elevating from initial access to root by abusing a SUID setting


TryHackMe! – Bounty Hacker | Walkthrough

Some more hands-on hacking! In this video, I demonstrate the following to hack an actual machine:

– Using nmap to scan for open ports
– Abusing an FTP server that allows anonymous login
– Using credentials I found on the FTP server to brute force SSH
– Elevating my initial shell to root access and officially “pwning” the machine


Start Hacking Today! (Legally…)

Back with another video — in this video, I explain how YOU can begin hacking today without going to prison (which is kind of important).

I walk through setting up an account on TryHackMe, installing Kali Linux as a virtual machine, and connecting to a network with OpenVPN so you can practice real hacking techniques in a lab environment.


An Autopsy of an Ex-Pastor

This was a tough video to make.

I am calling it an “Autopsy Of An Ex-Pastor”. I share very openly on how pastoral ministry went from being my dream career as a teenager to something that is now deeply painful.

Here’s a quick summary of the “death blows” I share about:

1. I was gifted beyond my emotional & spiritual maturity.
2. I did not embed myself in a robust support network.
3. I fell into the trap of human approval.
4. I rooted my identity in my “success” as a pastor.
5. I measured my ministry by the wrong metrics.


(No idea why my website will not embed the video so you’ll just have to click the direct link above to see it).

What Does Real Hacking Look Like?

What does real hacking look like?

In this video, I hack a web server running a vulnerable content management system. I use network scanning, SQL injection, PHP reverse shells, Metasploit, and much more. If you’ve ever been curious about what hacking actually looks like (rather than fake Hollywood depictions) – here you go.


Print Nightmare – Step-by-Step Guide for Exploitation

One of the most infamous vulnerabilities from 2021 is known as “Print Nightmare.” This is a remote code execution vulnerability which means it allows an attacker to execute code on a server. It can be used as a pivot point for stealing credentials, launching ransomware, and various other malicious purposes. It abuses the Windows Printer Spooler as the entry point because the service runs with elevated privileges. This has been patched by Windows in July of 2021 but many servers remain unpatched and it continues to be exploited.

When evaluating a company’s security, ethical hackers will attempt known exploits and these often lead to root/admin access. Below is my step-by-step guide on exploiting Print Nightmare. You need to have knowledge of Kali Linux to perform this exploit. You also need a valid username and password on the server but it can be done with any user account.

1. Check if the server is vulnerable.

– rpcdump.py @<ip> | grep ‘MS-RPRN | MS-PAR’

2. Install latest version of Impacket

3. Grab the Python code from the Github page

URL: https://github.com/cube0x0/CVE-2021-1675

4. Create the .py exploit on your attacking machine

5. Create the malicious DLL on your attacking machine with msfvenom

6. Launch Metasploit and get a Meterpreter session started

7. Set the payload

8. Set the LPORT and LHOST (same as you did in step 5)

9. Type “run” to set up the listener.

10. Set up the SMB File share (new terminal window)

11. Run the python exploit

12. Get a Meterpreter shell as system!

  • This may get blocked by Windows Defender. You need to obfuscate the .dll file to perform AV bypassing