Відео

Back again, to give you props on another one. Was having issues with getting the reverse shell through the exploit. Thanks for walking us through it. For sure going to be recommending your stuff man, super knowledgable.

Cryptocat, could you pls shoot walkthrough web challenges from downunder 2024 ctf

it doesnt work for me

for those that are confused with the gets() function not working, it was deprecated from C++ 14. Instead use std::cout or std::cin to print and retrieve values from the user.

Pl give permission for your GitHub hink We are students We are unable to pay the money for your link

Awesome

Don't let the numbers fool you, this content is worth millions of views man. Even 2 years later, you're helping people with this. Thanks for the hard work 🙏

Hello, what is the difference with the 64bit version? I cannot print the string even if I know the offset, it always print null

thanks for note Palestine and respect it, big love Crypto❤

I learned much in this video

Hello! Thanks for the detailed review. However, I am still not sure whether to go for CBBH or BSCP first. I know BSCP is much cheaper, but since I need Burp Pro to finish all the Academy labs and for the exam, I think it would be necessary to get a 1-year subscription. Would it still be worth it to go first with BSCP instead of CBBH considering that the prices could be similar for both with the Burp Pro subscription + exam voucher cost?

Where are we getting the list of passwords from, did I miss something

Thanks very much

What is that terminal theme/desktop environment you are using here? It looks really cool

hydra working command = hydra -L user.txt -P pass.txt ip http-form-get "/001/vulnerabilities/brute:username=^USER^&password=^PASS^&Login=Login:H=Cookie:security=low;PHPSESSID={sessionid}:F=Username and/or password incorrect."

I am looking forward to your video on HTTP response header injection

it so sad they made this box for beginner WTF HTB

really really great explanation along with the examples, appreciate it

why do you connect to hackthebax wepage frum the VM?. Any risks connecting on the laptop itself?

I wish this video wasn't so all over the place. Starting over.

Thanks alot buddy

Hey, Very great video. On the issue of Hydra maybe adding "F=Username and/or password incorrect.:" could solve the problem? I can perfectly bruteforce the password using hydra.

hey great video, I just trying to understand why when I pop the address 0x600e48 into r12 and pop 0 into rbx and 1 into rbp it works vs popping 0x600e30 into r12 and 3 into rbx and 4 into rbp it also works. I'm clearly misunderstanding something that is going here.

Way more helpful than the actual guided steps provided

do you have contents about heap exploits, sir?

The video is awesome! I've learn a lot of ideas and skills. By the way, Could you please introduce the script qtunnel that you used to connect the local web service to the public network? I would like to have a useful tool like that.

Your videos are always amazing. Whenever I watch you I learn something new. Thank you for this.

10:14 fuckin' saaaaaaame. Had to start using java to run apktool. The app I'm trying to mod is frustrating as hell because it gives an infinite loading screen as punishment for installing from outside of the play store (like from backup) and has a ton of checks. I guess I need to learn how to use android studio... Why must it be so huge?

Hey, need a bit of help. Stuck at the reverse shell. I uploaded my php script, and got it to connect back to my box. When i run commands, it just gets stuck with no output. Not sure where to start troubleshooting.

great job and Freeee PS

19:24 I was very confuse at this point, turn out %7 is the offset of 'buffer' in the blogpost :D

Great explanation of your thought process and tools used 🤖

Cool, learned something new :))

thank you for the walkthrough!

Really cool stuff!! Free Palestine

Awesome work as always my friend.

Hello 👋🏻

akasec 1337 morroco do a great job , free palestine

Love this walk through! ++🇵🇸

💀

hi bro ,you are doingg a great job ,keep it up❤

I believe you positioned your parameter entity wrongly. I think you should try % xxe instead of xxe % system.

hi cat

mandatory comment for the algo!

Its gonna be very easy they said 😅

I had no clue what was going on, but it was fun to watch and learn !

Incredible explanation. Thank you. Very few videos and articles have been able to explain this topic as well as you do. One question though is how could I have used Ghidra or gdb to look for 'pop rdi' and 'pop rsi'? The addresses matched by ropper don't seem to match exacly what I see in Ghidra (or gdb)

It's very beneficial to learn programming, this wasn't the easiest one.

I'm not getting my hash in responder it is listening for events, the ip of listener is the same I give in url but nothing happens. Any idea why?