M0ck3d
XSS 101: Exploring Reflected XSS for Beginners in Web Security
In this video, we'll explore PortSwigger's Web Security Academy's lab focused on Reflected Cross-Site Scripting (XSS). This lab is tailored to enhance your understanding of the concept of reflected XSS.
Lab ► portswigger.net/web-security/cross-site-scripting/reflected/lab-html-context-nothing-encoded
Subscribe for more walkthroughs ► th-cam.com/channels/CfqvV2YQ1sTl4EtPiQkRdw.html
► Video Timestamps
0:00 Introduction
0:15 XSS Review
1:04 Lab Walkthrough
5:25 Outro
WANT TO LEARN MORE?
===============================
Hacking APIs
Corey J. Ball
nostarch.com/hacking-apis
Bug Bounty Bootcamp
Vickie Li
nostarch.com/bug-bounty-bootcamp
Views: 83

Videos

Android Pentesting: Setting up Frida like a Pro!
370 views • 1 year ago
In this comprehensive tutorial, we'll walk you through the step-by-step process of setting up your machine for Android penetration testing using Frida. Frida Android Tutorial ► frida.re/docs/android/ Subscribe for more content ► th-cam.com/channels/CfqvV2YQ1sTl4EtPiQkRdw.html ► Video Timestamps 0:00 Introduction 0:22 Android Studio Emulator Setup 1:48 Rooting Android Emulator 4:10 Frida Setup 7...
Basic Server-Side Request Forgery
91 views • 1 year ago
In this video, we'll be taking a look at the Server Side Request Forgery (SSRF) against local server lab. This lab is designed to help you learn more about SSRF and how to exploit these vulnerabilities to induce unauthorized actions. Lab ► portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost Subscribe for more walkthroughs ► th-cam.com/channels/CfqvV2YQ1sTl4EtPiQkRdw.html ► Video ...
CSRF: OAuth SameSite Lax Bypass Using Cookie Refresh
1.2K views • 1 year ago
In this video, we'll be taking a look at the Cross Site Request Forgery (CSRF): SameSite Lax bypass via cookie refresh lab. This lab is designed to help you learn more about SameSite restrictions and how to bypass them to exploit CSRF vulnerabilities. Lab ► portswigger.net/web-security/csrf/bypassing-samesite-restrictions/lab-samesite-strict-bypass-via-cookie-refresh Subscribe for more walkthro...
CSRF: SameSite Lax Bypass Using Method Override
1.2K views • 1 year ago
In this video, we'll be taking a look at the Cross Site Request Forgery (CSRF): SameSite Lax bypass via method override lab. This lab is designed to help you learn more about SameSite restrictions and how to bypass them to exploit CSRF vulnerabilities. Lab ► portswigger.net/web-security/csrf/bypassing-samesite-restrictions/lab-samesite-lax-bypass-via-method-override Subscribe for more walkthrou...
How to Exploit IDOR Vulnerabilities
279 views • 1 year ago
In this video, we'll be taking a look at the Insecure Direct Object Reference (IDOR) Lab. This lab is designed to help you learn more about IDOR vulnerabilities and how to exploit them. Lab ► portswigger.net/web-security/access-control/lab-insecure-direct-object-references Subscribe for more walkthroughs ► th-cam.com/channels/CfqvV2YQ1sTl4EtPiQkRdw.html ► Video Timestamps 0:00 Introduction 0:12...
How to Exploit File Path Traversal
663 views • 1 year ago
In this video, we'll be taking a look at the first Directory Traversal Lab. This lab is designed to help you learn more about directory traversal vulnerabilities and how to exploit them. Lab ► portswigger.net/web-security/file-path-traversal/lab-simple Subscribe for more walkthroughs ► th-cam.com/channels/CfqvV2YQ1sTl4EtPiQkRdw.html ► Video Timestamps 0:00 Introduction 0:15 Directory Traversal ...

Comments

  • @youssefblt9839 6 months ago

    keep it hero u did a great job i give u that. short and on point, i like it, the only thing that is missing from ur vid is the problem explanation phase

    • @M0ck3d 6 months ago

      Thanks for watching and the feedback!

  • @Blacksheep-1337 9 months ago

    Good work mate but instead of using the script from poc burp i think you should have made it on your own and gone through step by step. anyways thanks for explaining and keep it up!

    • @M0ck3d 9 months ago

      Thank you so much for taking the time to give me some really awesome feedback! I’m still trying to figure out how to do these videos, but I agree with you 100%! Gotta “Try Harder” to make it my own 😁

  • @acronproject 1 year ago

    Very nice explanation

    • @M0ck3d 1 year ago

      Thanks for watching!!

  • @LounnyLouery 1 year ago

    very good explanation bro, thanks

    • @M0ck3d 1 year ago

      Thank you so much!

  • @medogamer8524 1 year ago

    the funny thing is that i solved it the same way as the first lab (csrf with no defense) and the lab was solved completely

    • @M0ck3d 1 year ago

      Huh, that's very odd. Were you using a Chrome browser? If not, then that would be why

    • @medogamer8524 1 year ago

      @M0ck3d yep, Chrome browser 😄

  • @ROBDMDMW 1 year ago

    I like

    • @M0ck3d 1 year ago

      Thanks for the like!

  • @AnthonyMcqueen1987 1 year ago

    This is my problem with path traversal on live sites: I never see the file name. I see other points of entry I can fuzz or manually input but in the end I never see the root. What could I be doing wrong here?

    • @M0ck3d 1 year ago

      For this lab specifically, Filename was just the name of the input; it could have been named literally anything. The purpose of path traversal is to find an endpoint that returns or has access to other files, it doesn't have to be named "Filename". For example, if you find an endpoint that takes in a parameter called "Test1234" and that parameter has access to files then that's a perfect place to start. A lot of vulnerabilities require pentesters to really know and understand the flow / logic of each endpoint. Additionally, if you are interested in finding files there are other tools that try and find "Hidden" files. One tool is DirBuster, it's a nice tool and you can fuzz by file extension, which is helpful, but this is different from path traversal. Hope I was helpful!

    • @AnthonyMcqueen1987 1 year ago

      @M0ck3d Thank you. I use very few scanners due to false positives. I am trying to improve my manual testing; this helps.

  • @dmitrii_zolotuhin 1 year ago

    Great content! Keep it up! Do you plan to make same videos with `SameSite=strict` to mitigate CSRF?

    • @M0ck3d 1 year ago

      Thank you so much for your support!! I am planning on doing videos for ‘SameSite=strict’, hopefully I'll be able to get them out next week!

    • @medogamer8524 1 year ago

      @M0ck3d pro you didn't 🥲

  • @betterbehappythannot3605 1 year ago

    Bro love your videos, but please don't be so loud at the beginning, you scared me :DDD

    • @M0ck3d 1 year ago

      Thank you so much!! Really appreciate your support! Yeah, I gotta try and figure out the volume / intro, believe it or not you are not the first person to tell me I’m loud lol

  • @reactivicky 1 year ago

    what to do after getting /etc/passwd file?

    • @M0ck3d 1 year ago

      For the lab, you are only supposed to get to the /etc/passwd file and then it's considered complete. The /etc/passwd file contains passwords for every user that has access to that specific entity, but it's usually encrypted. That's why you need to find the /etc/shadow file, which contains the passwords in a hashed format. Then when you have both the /etc/passwd AND /etc/shadow files you can use a tool like John the Ripper to crack the passwords and get them in clear text.

    • @reactivicky 1 year ago

      @M0ck3d thank you. I needed to know this

    • @M0ck3d 1 year ago

      No problem! Happy to help!