 Hello, everyone. My name is John Hammond. Welcome back to the YouTube video. Today, we're doing magic from hack the box. So let's not waste any time. Let's hop on over to my screen here. And I have a folder set up for our magic box. And I'm going to go ahead and make an nmap directory. So we can begin as we always do with a simple nmap scan to find open ports and see what we could work with on this box. So I'll use nmap the syntax tack SC for default scripts tack SV to enumerate versions tack on to output in an nmap format. I'll save it in that nmap directory that I created and call that file initial. And we'll have the IP address of the box, which is 1010 10185. So while that's running, I will go ahead and do some fingerprinting on my own. But before I actually run that, let me kickstart that with verbose mode on. So I can see ports that it finds a while it's working and I see SSH on port 22 and port 80 seemingly on with HTTP as a web server that already finished up. So let's go ahead and check out that nmap scan. That's in that nmap directory. And we have all the output that I see here. Let me close out some of these sublime text windows. And we've got all the information that we asked for. Let me actually kickstart an all port scan just for some good practice while we're doing that. I'll turn off those scripts. And I'll just output that to all ports. But it looks like this is all we have to work with right now SSH on port 22 and HTTP on port 80. So we can poke at that web server since we don't exactly know any credentials to SSH into so I'll fire up Firefox. There we go. And I'll go to 1010 10185. Okay, this is the web page for magic. And seemingly it just shows a lot of images or GIFs. That's very nice. They're all about magic and magic tricks. My first inclination is like, okay, is this going to end up being like an exploit with image magic or something? I know there are some gimmicks where you can get some peculiar files that will run code. But taking a look at the source code of the webpage, I just hit control you on my keyboard to see what we have to work with. I'm looking through to see if there's any oddball files. I like to take a look at the CSS files and the JavaScript files that are static and included to the webpage. Because maybe there might be some interesting information or they just might try to hide some things. I do see a login dot PHP. So we'll definitely have to check that out. All of these JavaScript files that I'm looking at seem to be either external, not external, but maybe a custom library or language that's kind of put together already, maybe an open source tool. So nothing specific to this application seemingly. All of these are either previous licensed software or something that someone else wrote, not the original box here. So that's nothing that I'm extremely interested that I had found. But scrolling through to get an idea for what all these file names are, it's all that they're kind of represented by what looks like the start of a hash. And I just kind of want to get an idea on all of these because while there might be some folders that I see with images slash full, we could check out to see if there's anything else in that directory. If I go to 10, 10, 10, 185 slash images, but it's not going to give me a directory listing that is kind of forbidden for me. But I do see some peculiar file folders uploads. And I wonder if we could upload something. So because we're working off of port 80, and we have something that we could seemingly use looks like that end map scan finish with all ports. So that was quick and easy. I will run Nieto and tee that to a Nieto log also go ahead and start off Durbuster. So I will take that URL and specify the word list of my directory word list medium that comes with Durbuster. And that can get started. It'll immediately find that images and assets as we were looking at just kind of through our manual poking. I wonder if there'll be anything else that it particularly finds and we can obviously supply an extension here. Oh, I do see a cookie set for a PHP session ID, Nieto triggered on that. So let's actually take a look at this login page, please log in to upload images. And I have a seemingly username and password prompt. Again, I'm going to take a look the source code and in case there's any like JavaScript or client side code that's actually handling this. But I don't see anything extra linked as compared to kind of what we already saw earlier. This hash looks interesting because it's not so much actually a hash, but it's actually just a little hex. I can take a look at what that is. If I just pipe it into xxd minus r minus p, that's kind of a quick command line technique to be able to decode or like unhexlify. And it looks like it just gives me magic. So that's not particularly useful. I wonder if all some of those other hashes hash like looking things had that info. Okay. But there's nothing interesting here in the source code. So we could start to try classic, stupid, maybe simple username and password combinations like admin or password or admin or admin or root or tour or root, etc, etc. I'm repeatedly getting this wrong username or password notification though. So that doesn't seem to be the right route. Something that you could do because after I spent a lot of this time enumerating, I didn't end up finding anything else that could potentially give me a username and password. Obviously, there's nothing on SSH. Durbuster didn't end up finding anything else. If I were to end up running it with some extensions like slash PHP, or a dot PHP, it will find index, login and upload dot PHP and log out dot PHP. But those are going to give me 302 or redirects because I am not logged in yet. So without a whole lot else left to try, you could just kind of go for your immediate maybe knee-jerk reaction of SQL injection. So I will do an or one equals one and also an or one equals one there. That also gets a wrong password. Note that I tried that with a double quote to terminate the inner string that SQL might be using that might be what it's using. And I also use to hyphens or dashes to indicate like a more of a SQLite style and syntax comment that again, might be what it's using. We're just kind of guessing and trying it. We could change that up to just use the hashtag or pound symbol or octothorpe. That might get us somewhere, but no, that didn't either. You could again, have some room to change that where you use a single quote rather than a double quote. See if that will work for us. And that seemed to work. Okay, so super duper simple, quick SQL injection technique that or one equals one will just return maybe an individual true statement. So maybe it was trying to select from the database username, where password is equal to something, but we've injected that or one equals one. So the or means kind of an optional condition true in this case. And because or means only one of the two conditions are one of the many conditions that you use with or will be true. All of those will evaluate to true because that or means this or that, right? And simple stuff. Now we are greeted with a image to upload a page and functionality. So whenever you see this, it's normally a great thing to just try to upload like a PHP reverse shell, especially because we know this is running PHP. I can see that dot PHP extension and just about everything that we've seen thus far. So we could get started with a little script here, I will go ahead and copy my opt reverse shell or PHP reverse shell into this directory. I'll just call it rev shell dot PHP. So now I have a rev shell dot PHP. I will take a look at my IP address and modify that PHP reverse shell to include that. If you don't have that obviously that might not already be in your op file and your op folder go just simply search for PHP reverse shell and pentest monkey has a really good one. I don't know why my user agent is set to a mobile device right now. It's because I was trying to do quick on hack the box pentest monkey PHP reverse shell. There you go. Okay, that's it's this link down here pent reverse shell cheat sheet pentest monkey. They have the tiny tiny one that they're showcasing just a single standalone line for PHP. But if you want a whole PHP file to upload, there's a more featureful and robust shell here. And you can download that targe zip file extracted, etc. Okay, let's go ahead and work with that. Like I said, we will need to change that IP address to our IP address. And we can specify a port to run on. So I'll use quad four. And we can try to upload this it says select an image but we don't know what it's actually going to be doing to test or verify or check if it is an image. So it might always be a good thing to try and use a PHP script just to see just a poke upload this and says sorry only jpeg jpeg and png files are allowed. Okay, that's annoying. So it is going to probably test for an image somehow. Let me try to actually copy that to rev shell.png. If it's only working rev shell.png, and do the source and destination and that syntax. Maybe it's just testing that this is a file based off of the file extension. So it's worth just throwing another one up there with just a different file extension. And I get the response. What are you trying to do here? So it can tell that I'm doing some malicious and maybe not so safe stuff. Who knows? Okay, normally, when we're trying to do a image upload and a little bypass to get code execution with PHP, but it's supposed to be an image file. What you could do is make a PHP script wrapped in a jiff file. Excuse me. Sorry, there were some typos there because jiff is pretty easy where the first bytes and header of what your file might be is pretty plain text and easy to write. You can just kind of knock that out. And then you could simply like, okay, get your PHP code in here and try and see if you were to rename this to like a PHP, a file extension, if the web server were to interpret it, but it would be able to pass through their upload or just find because according to file, when you're looking at this revshell.jiff, it's going to think that it's a jiff. That's that magic number or the file signature and the header that's present at the very, very start of the file. Obviously, it's not a real jiff because the dimensions that you're trying to read are really, really muffed up. It's obviously, okay, pre planted with some PHP code. Interesting. That's easy to do with jiff because you can just simply write those. But take note what I said there, you're specifying the magic number for this file. And this box is simply called magic. So that's, that might be the right idea. But if we're only allowed to work with JPEG and PNG files, I figured like, okay, I'm going to need to have to do that in a different way. So I went ahead and just googled a PNG, like specification and a file structure and a Wikipedia was actually fine to just give me the magic number details. All these are bytes here. Because they are bytes, I can't just simply type these in the way that I did with this jiff header. If I were to paste that in, that's, that's not really what it is. I need the raw bytes of that, not just like using these numbers. So let me change this up. I'm actually going to go ahead and carve this and create this with Python just so I can simply get those bytes in there. I guess something that we could do and let me try and kind of shoot from the hip here, forgive me. But if I were to unhexalify this, just kind of as I showed you earlier, we can xx a tech R tech P this, and now we'll have the start of a PNG script, PNG file, and I can bring that to PNG header, simply there. And let's also create a simple like PHP info dot PHP code, PHP info, just as a proof of concept, right? Obviously, we'll want to do something more malicious where we can get code execution. But if I cat out PNG header and PHP info, now we'll have both of those kind of on my centered output stream. And I can redirect that into a new file. I'll call that like info dot PHP, or PNG, right? We'll see if this actually is read by file as a PNG file. In this case, it's not. We could see if the web page will actually handle it though, it's worth a try. I'll go ahead and use that info dot PNG file that I just created and I'll upload that. And that says the file info dot PNG has been uploaded. So okay, that that bypasses it that works. Question is, is it going to actually execute that PHP code? Let me go over to that directory images slash uploads, because we saw that previously when we were working through this this file here, this web page, this box, we saw that in the home directory in the home page. It says the image cannot be displayed because it contains errors. So okay, it's trying to actually read that and interpret it as a PNG file. Question is, how can we get it to actually run as PHP code? So let me make a copy of that with info dot PHP as a file extension. And let's see if that will whine at us. This is where we're just kind of testing and working info dot PHP upload. Nope, looks like it needs that file extension in there. Will it take that at the final end if I have an info dot PNG dot PHP does it need just just need to have that file extension in the string in the file name we can try that upload image. That also fails. So this is a wonky idea, but it might just work if you have simply PHP in the name will the web page read and interpret it info dot PHP dot PNG can try that. Let's upload him PHP dot PNG upload and that uploaded. Okay, so let's see if that actually will invoke the PHP code here. Again, I'll bring us to images uploads. And you can see some of my history from doing this previously. Sorry. And okay, we have code execution from PHP. This is a big deal because now we can potentially get remote code execution or use that PHP reverse shell. I did that in a small primitive way. Obviously what we could do is because now that we have that PNG header, and we have that rev shell page dot PHP, we could just move that into another proper, like big rev shell or whatever the heck you want to call it. PHP dot PNG as now we know that is the file extension kind of trick that we need to use to pass and move through their upload form and still execute this PHP code when we go access that page from the web browser. That's a technique we could use. I actually is because I just did that cat and xxd combo off the fly. I do want to show you what else I did when I was originally doing this because I just did it with a stupid Python script. I would take the magic bytes of whatever I was using. So the PNG here, I would go ahead and take this and let me select all those and just replace in that selection every space with a comma so I can just make a list I guess out of that or each of those actually needs to be here's what we'll do. Let's put this on another page, control H to remove all spaces and I can just binaskin, hexify that. Originally I did this as a list so in my head I'm thinking let's do that space replace with new lines then you can control shift L to get multiple cursors and sublime text and add a 0x in front of these to make those all simple hexadecimal. That would work or we could do binaskin.hexify and work with this however way we wanted to. You could use this in a pretty custom way because that way you could simply change and swap this out if you're going to use a different file type like if you're going to use a jpeg or some other format you can just say magic can equal those and then because we're working in Python 3 let me add that in the shebang line so I'm explicit you can just make this a simple byte array and I can print out magic as that variable here and now we have okay the real bytes that starts that png script so then I would go ahead and open the file that I actually want to work with they're like the actual suffix that I need for revshell.php with read and write as h so I'll use a with little context manager here and I'll do a h.read or just like content and then I can create a new shell with newshell.php.png as we know that is what it should be so then I can simply write that as h where I can write the magic and the content here so I'm reading the content in from the actual original file that I just want to put this in as bytes and since magic is a byte array that will just return and behave formally for me so h.write to throw that in there if I were to run this I don't have any errors you can see that finished just fine hop on over to my terminal again I have that newshell.php.png so that could work for us and we can customize this so that's two methods to kind of do that just a simple python thing or the cat and xxt from the command line method okay enough of that let's go ahead and fire this up I will get back to this upload here and I will upload this newshell.php.png there we go and that told me or that told the server that I will connect on port quad four right yeah okay so let me fire up poncat see if it will behave that's always kind of a fun thing to tinker with thank you unity hood get poncat environment been activate good stuff and now let's poncat attack lp quad four and I'm actually going to specify a configuration file so I can work with it in the database there we go and he should be listening he is fantastic now let's go trigger this to actually connect images uploads and we called it newshell.png.png see if that triggers there we go okay we got our connection couldn't find a shell we're assuming we were in bnsh that's totally fine let me just invoke bash here and then I'll set my prompt to fancy so poncat kind of handles that nicely I'm dubbed of data all right we got our initial foothold we are on the box at least as a low privileged user so now let's kind of enumerate and do anything else we might want to do benefit of having poncat and just being able to I don't know thankfully create other shells and work with things let me connect one more time I'll start up another listener and run this that will be my config data poncat rc and let's actually fire that off one more time so one of these I can use to simply run enumeration tag s tag a and actually poncat didn't want to do that because it already has a database open fine I will use simple netcat there we go and let's stabilize this uh do we have python 3 or python 2 which python that's not a thing how about python 3 python 3 is a thing so let's stabilize shell 3 um what I'm doing there is I'm using my poor man's pentest framework which is a cheesy stupid thing to use like x te or x automation and automatically type in the commands to stabilize your shell so use python 3 to import a pty pty dot spawn bin bash uh foreground that to go back to your host set your terminal in raw mode and then hit uh fg to foreground the process and export term equal x term to get a regular stable shell here so poncat is going to be doing its own enumeration over there um if we're going to be doing this kind of the original way or as you normally would we could just upload or download lin p's or lin enum to do some enumeration but before I dive into all that I do want to kind of go back to the basics right we know that we were working with a web application that had a login functionality and had an upload functionality and had regular users working with it right because you could you could share an image was the idea and you had a cookie that was set when you were logged in so there must be a sort of database that we're working at I think it's a really good idea to go take a look at some of those database files and those configuration files because we might find credentials or some information that can help us get into the database let me take a look that we actually have some users on this box and someone to actually move into other than this dub dub dub data user that I'm running as so I can see catting out it's that repassword very simply there is a thesius user and he has a uid of a thousand and he has a normal bash shell so that seems to be someone we could interact with and use and our enumeration either from lin p's or lin enum or from poncat might be able to find us a foothold or some technique and thing to use but let's actually hop on over to this var dub dub dub so we can see where the root of the web page and the web server and the website might be normally that's an html there's actually nothing in here this time they put it in that magic folder so let's cd into that and see what we have to work with we have all of these files that we saw were on the web page but we also have a db dot php5 that might be particularly useful for us so let's take a look at that php5 file I'll zoom out here and actually I'll throw this into a sublime text so it has some nice easy reading on the eyes for you some syntax highlighting so we have a database class and it has a database name of magic with the host local host username thesius database password I am king thesius okay awesome our intuition was right going to check out that database configuration file might tell us a password in simple clear text good to do we could try to simply su into that user with this password because maybe this is also his system account password and not just the database doesn't work all that well looks like we have to kind of go with the initiative and the gut feeling that this is just to interact with the database oh I accidentally deleted that with a tab key punk got still doing his thing kind of cheesy that's fine the numeration takes a long time uh we could also take a look at what is running because we didn't actually see that my sql server that service accessible from the outside when we ran our nmap scan we only found port 22 and port 80 we didn't see m my sql and you can see it's only running locally it's just buying two local host address 127 001 3306 so it looks like we have to use this box to get to it unless we want to do some other weird clever janky things to kind of port forward but that might take other tricks that we don't really have to deal with because maybe we could just use a my sql client on this machine but we don't have a my sql client on this machine so that was kind of a wrench in the works when I was uh taking a look through here I thought like okay there's got to be something there's got to be obviously there's a mysql daemon in a mysql service running there has to be something that we could interact with to see this database yeah we could like pillage through the files if you really wanted to but I wanted to actually log in and see the things that thesius could see because we had his password so I just tried to type my sql and then I hit my tab autocomplete like a ton of times to kind of get a suggestion as to what I could really use to maybe get some more information or work with this my sql database so I originally just found this like my sql uh what do they have show yeah I worked with my sql show for a second it's like oh you got to supply a username and credentials it's you can't log in as dub dub dub data I'm like oh okay this is perfect because we know thesius and his password and if I use tack p to specify a password and then leave that empty it'll prompt me for it so I can hit that there paste that in and now I have some information these are the databases that we have but that's not really all that I want I'd like more than that you could probably I don't know my sql show admittedly off the top of my head so maybe you could pull other actual information out of there or it's just table and column information maybe not actual data so that's not extremely helpful I went back to my commands that I could run with my sql and I found one here my sql dump I figured that might be worth a try oh we could dump a database and since we know the databases we have this magic one we could work with but we do need to actually specify our login right access denied for user dub dub dub data once more so let me specify user thesius I'll use our password slap that in and now we have a ton of stuff that just falls out so this is the database dump here cool so we got that without having to have to use a msql or mysql client and interact with it manually totally fine in this information we do see a dumping data for the table login and I can see insert into login values admin and thesius was king and some kind of leet speak cool okay that is probably another password in fact that's probably one for thesius's system account so let's su or switch user into thesius slap that in and now I am the thesius user incredible amazing ponkat still doing his thing uh let me see if I can just actually fire up another ponkat session because now that we're doing some big stuff we're in as a real user hopefully we have something worthwhile this box doesn't have netcat fantastic never mind my poor man's pentest thing won't do it I think I could just do the simple uh bash technique or I could just stop this enumeration let's su to thesius we have his password here now let's set the prompt to fancy one more time there we go ponkat's ready and we're cruising um we didn't run limps earlier and we should now especially now that we're as a user we do have a user dot text so you could take a look at that guy and grab that pull that out if you want but he's the only one that we saw on this box right our enum could work and continue from ponkat we could run specific enum modules or kind of things that we need to do with that or we could just throw in limps so let me actually upload op limps upload that cool taking your time you say you're at 100 buddy this is the best thing when I like show ponkat on a video and then it just does all the weird things okay okay never mind we're just gonna go back to our bare bones shell if that's even still a thing nope all right cool that guy that died too is the box just gone nah he's fine oh our files might have been destroyed because it took a little bit of time let's get back to our upload thank you demo gods hmm and now it's not letting me enter spaces so originally I saw this when I was first going through the box and it didn't let me enter these spaces I got around this because I don't want to do it through curl I originally had just done this oh let me reset that terminal because he's muffed up now cd ctf htm excuse me whoa htb and I'm in youtube quick web login dot pi I had just kind of ran through this with a python script because trying to send that request in curl is very annoying you could probably just do this with your development tools if I were to send like a username and password once we see that post request go through you should be able to like right click to like edit and resend this edit and resend and username I will use that or one equals one including spaces slap that in as well I'll send him and did that actually respond no okay so even that is funky I don't like you having to use the comment octothorpe thing in curl or doing url thing so I just like to do it in python because I know that will work so I will do import requests and I'll do a request dot session and then I will close that session just for good practice at the end and but I'll do an s dot post to that url with data specified and I'll use a username as we know that is the name of that entry in the form with is a single quote or was a single quote oh I might have did that wrong maybe that didn't work in the web page because I had mistyped it let's do the same thing for password and let's actually save this as a thing and let's print that out that should if I just kind of ran through that just fine tell me that we are logged in yep okay I see a log out page so I know that I'm there let me actually just print that cookie s dot cookies and now I have that session ID so I could throw that in if I do a from the console here if I specify document dot cookie set to php session ID can equal that guy now if I refresh it should let me go to upload straight there yep okay totally fine so let's upload that new shell one more time yeah yeah yeah yeah I know I didn't upload anything new shell go and let's fire that up let's get to images uploads new shell that triggers that gets me back there's my shell I can ask you to these see us and I totally originally once at one point had his password and now that's probably gone gur this is why you should take your notes guys that's okay let me get it from my uh original notes spoilers spoilers spoilers take notes okay now that we're in does that even have a connection or is that just dying box is not wanting to behave let's just use a regular shell what is going on that you're not want me to be doing this right now apparently there's our shell we'll just do this the lazy way are we still in there fucking what as you the easiest prompt tactic fancy great that that one's ruined down there did I actually upload lin p's earlier probably not the way of right axis in the stinking directory I do all right let's just do it through W get the way we could download it with W get is to simply copy our lin p's into this directory and then do a little python HTTP server and what is my IP address real quick I am 14 for so let's curl or W get excuse me HTTP 10 10 14 for quad 8000 lin p's dot sh and now it's here in that home directory we could probably put it in a smarter place like dev shm or temp but we'll just fire this off and do our regular enumeration after fumbling to uh get our box back we could run other things like hey pseudo tack l to do our manual enumeration we could find to look for set uid binaries on our own we could look for other misconfigurations or maybe look more into his home directory as to other stuff that might be there that might either give us other passwords or might have a script like a configuration or maintenance script that will run with cron and that might be a privilege escalation foothold those are all options but I think it's always worthwhile to just fire up little lin p's or lin enum I don't see anything sticking out in cron lin p's is great because it'll color code all the stuff that we're working with and the things that might very very likely be a potential privilege escalation vector it found my sequel right users with console so theses and root are really the only ones to particularly work with possible private keys were found what in the mime in the data for image magic I guess I can look at that maybe I don't think we'll need to I actually saw it okay I'll remove the illusion I looked at that earlier when I did this the first time it did there's weird like starts of it readable files belonging to root and readable by me but not world readable what is this bin sys info what root it's owned by root use oh and it's a set uid binary too it's gotta let that s bit set that's a weird one let's is that a thing is that like on my I've never heard of a bin sys info do I have a sys info command on my machine no no okay definitely weird one let's go take a look at that uh not a whole lot else to look through here so which sys info it's been sys info it's in my path been sys info it just ran hardware checks and things that was weird that was interesting it is that we already looked at this yeah it is a set uid binary that's stinkin weird okay so if it's ran by root owned by root and will set that permission if I run a little l trace on bin sys info do we have l trace does that work okay yeah so I can see some of the functions that it's calling or what it's trying to do because it seems to be a binary and if you wanted to you could check that one more time it that's not like you can't have a set uid bit set for a script so I assume that was a binary l trace going to the very very start of this there's a lot sorry and maybe I'm scrolling through too much maybe I'm in the like first iteration of it there's just how much is this thrown out here bins this info yeah this is when I ran it I want the l trace info there we go l trace set uid zero and set gid zero okay cool we could potentially be root and popin for p open to open a process lshw that's the thing we can absolutely abuse because it's just going to run this command without any absolute path so now let's make a new directory for us let's create a simple shell or no it's called lshhw right and this can be a simple bash script and we can just run bash tack p tack p to keep the set uid info and let's mark it as executable lsh if I run that yep just bonds bash for me okay pong cat that's fine um let's add that into our prompt let's export path excuse me add that into our path let's add home thesius new or the current directory we're working in in a colon to separate because that's the limiter for path uh the old path so now if I were to type in lshw that will just run that shell so let's exit out of that and if I were to run sys info that should start by running the set uid zero to elevate meter root and then it will just simply run bash an interactive way and we'll be root cool okay that's that then we can hop on over to our root directory what is it oh we don't have any output id who am I okay so I found this and thought it was odd uh that's probably just the way that I had ended up running it with bash tack p while it's in the middle of doing something else and maybe I guess it didn't keep whatever interactive form bash tack i I also kind of experimented with that like if I exit this uh let me nano that lsh I'll make this guy here and you could probably maybe it needs like an exec or some other redirection to tty some other like lin stuff but I never ended up getting output from that very easily so because I just had my root privileges I use my kind of favorite trick to make bash set uid so that no matter who I was I would be able to just simply run bin bash tack p and then have my full root from root privileges now I am that so now I can get back to root and actually see information so this was kind of cool uh let me sync this because there's not a lot of screen space apparently right now there we go cat info it's still not taking it whatever we'll just take a look this seems to be the c source code and the actual file that was put together like the the the binary source this is the source code behind that sys info program seemingly because you can see it running all these hardware commands or lsh w f disk etc etc so we could latch on to some others but I always like to go for the first one in case the others like have some weird dependency or whatever further down the in the code but we have root dot text you could read that out and grab that and you are root did I say that you do have root dot text I didn't did I say read dot text I always get so bad especially at these long videos and this really didn't have to be long this was another kind of seemingly classic and simple linux box there were some good pieces here but hey thanks so much for watching everybody I know a lot of people have been saying John you got to do some hack the box so uh please forgive me that I am trying to get back to it I do have a hack the box folder that I'm trying to get some machines and do more with it because I know people are hating me on me like John you do uh you're such leaning towards try hack me is like hey man it's a John Hammond channel we kind of do whatever John Hammond wants to put out there so thank you guys so much for watching I really hope you enjoyed this video I know it was a lot to it and longer than it probably needed to be but we were wrestling with the machine for a little bit thanks for watching everybody hope you enjoyed this video if you did please do press that like button maybe leave me a comment youtube algorithm things hopefully subscribe I love you I'll see you in the next video take care