Djalil Ayed
South Africa
Joined 30 Oct 2009
I share here my journey learning information security.
🐞 🪲🪲 Silver Platter | CVE-2023-47323 | Silverpeas | TryHackMe | CTF 🪲🪲🐞
🪲🪲Can you breach the server? 🪲🪲
CVE-2023-47323: Silverpeas Core Broken Access Control Allows Reading All Messages
🪲🪲CTF Scenario:🪲🪲
Think you've got what it takes to outsmart the Hack Smarter Security team? They claim to be unbeatable, and now it's your chance to prove them wrong. Dive into their web server, find the hidden flags, and show the world your elite hacking skills. Good luck, and may the best hacker win!
🪲But beware, this won't be a walk in the digital park. Hack Smarter Security has fortified the server against common attacks and their password policy requires passwords that have not been breached (they check it against the rockyou.txt wordlist - that's how 'cool' they are). The hacking gauntlet has been thrown, and it's time to elevate your game. Remember, only the most ingenious will rise to the top. 🪲
🪲🪲 May your code be swift, your exploits flawless, and victory yours!🪲
tryhackme.com/r/room/silverplatter
👍 Like, Subscribe, and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need further clarification on any concept, feel free to drop a comment below!
These tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge.
#tryhackme #CVE202347323 #Silverpeas #TryHackMeWalkthrough #TryHackMeRoom #PenetrationTesting #InfoSec #EthicalHacking
Videos
✅Baselines and Anomalies | Identify normal activity and hunt for anomalies | TryHackMe Walk Through✅
💻 Baselining Hardware Inventory 💻 Baselining Software Inventory 💻 Living Off the Land 💻 Baselining Network Traffic 💻 Baselining Identity and Access Management 💻 Identifying Suspicious Environment Specific Use Cases tryhackme.com/r/room/baselineanomalies 👍 Like, Subscribe, and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need further clarification...
🐧 🎄🐧 L5 Keycard | T5 | T5: An Avalanche of Web Apps | Advent of Cyber '24 Side Quest | TryHackMe 🐧 🎄
Walk through how to get the keycard for TryHackMe room T5: An Avalanche of Web Apps part of Advent of Cyber '24 Side Quest. 🐧 🎄You will learn: Intercept and modify internal APIs using Frida. 🐧 🎄Binary analysis using Ghidra 🐧🐧🐧Script used on the video:🐧🐧🐧 github.com/djalilayed/tryhackme/blob/main/Advent of Cyber '24 Side Quest/L5_Keycard.js tryhackme.com/r/room/adventofcyber24sidequest 👍 Like, S...
🐧 🎄🐧 L4 Keycard | T4 | T4: Krampus Festival | Advent of Cyber '24 Side Quest | TryHackMe 🐧 🎄🐧
🐧 🎄🐧 Video walkthrough of how to get the L4 Keycard to bypass the firewall in room T4: Krampus Festival, part of TryHackMe Advent of Cyber '24 Side Quest 🐧 🎄🐧 🐧 🎄🐧 Technique used is SQL Injection using SQLMap 🐧 🎄🐧 tryhackme.com/r/room/adventofcyber24sidequest 👍 Like, Subscribe, and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need further clarificat...
🐻❄️ྀིྀི⭐ T3: Escaping the Blizzard | Advent of Cyber '24 Side Quest | TryHackMe 🐻❄️ྀིྀི⭐
⭐Script used in this room:⭐ github.com/djalilayed/tryhackme/blob/main/Advent of Cyber '24 Side Quest/T3: Escaping the Blizzard/binary.py github.com/djalilayed/tryhackme/blob/main/Advent of Cyber '24 Side Quest/T3: Escaping the Blizzard/generate_hash.py ⭐Good reference to check: (picoCTF 2024 - Binary Exploitation Challenges)⭐ hackmd.io/@Zzzzek/r14x13FRp#high-frequency-troubles ⭐for Container Es...
🐧 🎄🐧 L2 Keycard | T2 | Advent of Cyber '24 Side Quest | TryHackMe 🐧🎄🐧
🐧🎄 This video walks through how to find the L2 Keycard, which will give you the password to bypass the firewall in the room T2: Yin and Yang, part of TryHackMe Advent of Cyber '24 Side Quest 🐧 🎄 🎄🐧 Technique used is XML external entity (XXE) injection🐧🎄 Payload used: github.com/djalilayed/tryhackme/blob/main/Advent of Cyber '24 Side Quest/L2_Keycard.txt tryhackme.com/r/room/adventofcyber24sidequest 👍 Lik...
⚡🎲 L1 Keycard | T1 | Advent of Cyber '24 Side Quest Keycard | TryHackMe ⚡🎲
🎲These are the steps to get the L1 Keycard / T1 Keycard for TryHackMe Advent of Cyber '24 Side Quest, which was out on Day 1.⚡ 🎲This is based on a Flask app C2 server which has some weaknesses:⚡ ⚡Hardcoded Secret Key ⚡Hardcoded Credentials ⚡Lack of Secure Session Handling 🎲Command used:🎲 flask-unsign --sign --cookie "{'logged_in': True}" --secret 'thescrectfromscript' ⚡C2 script used on the room:⚡ github.com/Bloatware...
⚡🎲 L3 Keycard | T3 | Advent of Cyber '24 Side Quest Keycard | TryHackMe ⚡🎲
Video on how to get the L3 Keycard to bypass the firewall in the room T3: Escaping the Blizzard⚡🎲 ⚡🎲This is based on IDOR (Insecure Direct Object Reference)⚡🎲 ⚡🎲 👍 Like, Subscribe, and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need further clarification on any concept, feel free to drop a comment below! These tutorials are for educational purposes and to e...
🐧🔥 T2: Yin and Yang | Advent of Cyber '24 Side Quest | TryHackMe | Robot Operating System🐧🔥
🔥🐧Explore a series of advanced challenges alongside the core Advent of Cyber event!🐧🔥 🐧🔥script used:🐧🔥 :🐧Yang Flag:🐧 github.com/djalilayed/tryhackme/blob/main/Advent of Cyber '24 Side Quest/T2: Yin and Yang/get-yang-flag.py :🐧Yin Flag::🐧 github.com/djalilayed/tryhackme/blob/main/Advent of Cyber '24 Side Quest/T2: Yin and Yang/get-yin-flag.py 🐧🔥In this room you will have 2 machines, you will use ROS - R...
⚓🏴☠️🦜 El Bandito | TryHackMe | HTTP Request Smuggling ⚓🏴☠️🦜
🏴☠️🦜⚓ Can you help capture El Bandito before he leaves the galaxy? ⚓🏴☠️🦜 ⚓ Request Smuggling: WebSockets🏴☠️🦜 ⚓ HTTP/2 Request Smuggling🏴☠️🦜 tryhackme.com/r/room/elbandito 👍 Like, Subscribe, and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need further clarification on any concept, feel free to drop a comment below! these tutorials are for edu...
🎅🏻👨💻 Advent of Cyber 2024 Day 3 | Remote Code Execution | Log Analysis | ELK | TryHackMe 👨💻🎅🏻
Dive into the wonderful world of cyber security by engaging in festive beginner-friendly exercises every day in the lead-up to Christmas! Day 3: Even if I wanted to go, their vulnerabilities wouldn't allow it. 🎅Learning Objectives🎅 🎅 Learn about Log analysis and tools like ELK. 🎅Learn about KQL and how it can be used to investigate logs using ELK. 🎅 Learn about RCE (Remote Code Execution), and ...
🏷️✅🏷️ The Sticker Shop | TryHackMe | Stored XSS 🏷️✅🏷️
In this room learn about XSS in this CTF. 🌠Payload used on the video:🌠 github.com/djalilayed/tryhackme/blob/main/The Sticker Shop/payload.js 🌠Simple Python server to handle post request:🌠 github.com/djalilayed/tryhackme/blob/main/The Sticker Shop/server.py tryhackme.com/r/room/thestickershop 👍 Like, Subscribe, and Comment to stay updated with our latest cybersecurity tutorials. If you have any ...
⛵🚢🧭 Request Smuggling: WebSockets | TryHackMe | Bypassing Security with HTTP Smuggling 🚢⛵🧭
🚢 Exploit HTTP Request Smuggling through WebSockets.🚢 ⛵Exploiting Request Smuggling on TryHackMe⛵ ⛵🚢 WebSockets: Upgrading HTTP connections to Websockets ⛵🚢 Abusing Websockets for Request Smuggling: Smuggling HTTP requests through broken WebSocket Tunnels ⛵🚢 Defeating Secure Proxies: Leveraging SSRF 🚢Room Link🚢 tryhackme.com/r/room/wsrequestsmuggling 🚢TryHackMe Web Application Pentesting Path P...
🚛🕵️♂️💥 HTTP Request Smuggling | TryHackMe | Web Application Pentesting💥 🕵️♂️🚛
💥Learn about HTTP Request Smuggling and its different techniques.💥 🕵️♂️💥 Introduction: HTTP Request Smuggling is a vulnerability that arises when there are mismatches in different web infrastructure components. 🕵️♂️💥 Modern Infrastructure 🕵️♂️💥 Behind the Scenes 🕵️♂️💥 Request Smuggling CL.TE (Content-Length/Transfer-Encoding) 🕵️♂️💥 Request Smuggling TE.CL (Transfer-Encoding/Content-Length)...
🔐🔢 🔐 Session Management | TryHackMe | Understanding and Exploiting Vulnerabilities 🔐🔢🔐
🔐🔢 Learn about session management and the different attacks that can be performed against insecure implementations.🔐🔢 🔢 What is Session Management? Creation, Tracking, Expiry, Termination 🔢 Authentication vs Authorisation: Identification, Authentication, 🔢 Authorisation, Accountability 🔢 Cookies vs Tokens 🔢 Securing the Session Lifecycle 🔢 Exploiting Insecure Session Management 🔐🔢 Room Link: tr...
🐞🪲🐞 Incident Response Process | TryHackMe | NIST Incident Response 🐞🪲🐞
🧐🧐 Lookup | TryHackMe | CVE-2019-9194 | elFinder | From Boot to Root 🧐🧐
👾☢️👾 Threat Hunting With YARA | TryHackMe's Hands-On Guide 👾☢️👾
🐭🐭 Mouse Trap | TryHackMe | Mobile Mouse Server | CVE-2023-31902 🐭🐭
🌟👩🏼💻 Hack Back | TryHackMe | Binary analysis | Reverse Shell | Smart Contract 👩🏼💻🌟
🦈 🐍🐍 SeeTwo | TryHackMe | Binary Analysis and PyInstaller Extraction | C2 | CTF 🐍🐍🦈
🌐🚀🌐 Networking Core Protocols | TryHackMe | Protocols 101: Your Guide to DNS, HTTP, FTP & More 🌐🚀🌐
🌐🌐 Tcpdump: The Basics - Packet Capture and Filtering | Beginner’s Guide | TryHackMe 🌐🌐
☣️👿 CAPA: The Basics | Common Analysis Platform for Artifacts | TryHackMe | Cyber Security 101 👿☣️
✿✿🌹 Whiterose | EJS | SSTI | Sudoedit Bypass | TryHackMe Walk Through 🌹✿✿
📸📸 Digital Forensics Fundamentals | TryHackMe | Cyber Security 101 📸📸
🔓🔓 John the Ripper: The Basics hash cracking | TryHackMe| Cyber Security 101 🔓🔓
📘📘 JavaScript Essentials: TryHackMe Essentials Guide | Cyber Security 101 📘📘
🚨🛡️ Vulnerability Scanner Overview | TryHackMe | Cyber Security 101 🛡️🚨
🐖🛡️🐖 IDS Fundamentals: Understanding IDS with Snort | TryHackMe | Cyber Security 101 🐖🛡️🐖
Please subscribe to get the latest videos www.youtube.com/@djalilayed
Thank you.
You have a lot of patience and knowledge. One of the best video. keep it up.👍. How did you achieve this level? Would love to know..
THM{:::MY_DECLINATION:+62°_14\'_31.4'':::} THM{¡!¡RIGHT_ASCENSION_12h_36m_25.46s!;!}
Thanks for the video! It really helped me out.
Glad it helped!
when you try to list the processes like you did with "ps auxf" and they don't show the whole line, just expand the columns. export COLUMNS=1234 Now you have up to 1234 characters in your terminal. ps auxf should work just fine.
Thanks will check
I did everything like you did but it doesn't show up for me templates when I use command LS
Hi, what exactly you did? can you share the steps / commands / output
thanks for video
Most welcome
Thanks Djalil.
thanks for the support
What happened to your sound?
I need to figure it out, this happen after upgrading my Ubuntu machine
please make vid for q5
for the people watching this video am not getting the information correct for task 3 had to watch a video to find the answers didn't get the duration and either reassem_tcp_size
another solution: SELECT * FROM hacking_tools WHERE amount % 10 != 0; the expression amount % 10 != 0 is used to filter records where the amount does not end in zero. Here's how it works: If amount is 169, then 169 % 10 equals 9. If amount is 180, then 180 % 10 equals 0. != 0: This checks if the result of amount % 10 is not equal to zero.
great video, ty!
Thanks for the support
just an fyi for other beginners, u can type the function and then press return to go to another line -> it will appear like this -> then u can use another function to keep stacking them ->then u type the semicolon to run the prompt, it can be at the end of the sentence like this; ->or alone line this ->;
mysql> SELECT name
    -> FROM hacking_tools
    -> WHERE category = 'Network Intelligence'
    -> AND amount <100
    -> ;
Good point! This is very helpful for beginners to understand!
1100 day streak is crazyy
Thank you!!
You're welcome!
Great tips
Glad it was helpful! thanks
Nice work. You can figure out that port 8080 is exposed to localhost by viewing the contents of /proc/net/tcp using the same payload you've been using.
thanks, will check
Thank you!!
You could just replace retval to ptr1 to get the where_is_the_yeti btw. Too bad I ran out of time😅
that will just give you the password, you still need to trigger create_card function to create the zip folder that contain the card.
thank you, it was very clear explanation
Glad it was helpful!
Thanks a lot! I really wanted to know how to get first card!
Glad I could help! thanks for the support
i was waiting for this thank you!
You are welcome, glad to help!
Playlist for Keycards th-cam.com/play/PLrY_AbzZGqt8mrPqCsvois6RiVcfDE2yF.html
Script used on the video: github.com/djalilayed/tryhackme/blob/main/Advent%20of%20Cyber%20'24%20Side%20Quest/L5_Keycard.js
Scripts used on the video github.com/djalilayed/tryhackme/tree/main/Advent%20of%20Cyber%20'24%20Side%20Quest/T3%3A%20Escaping%20the%20Blizzard
Scripts used in the video github.com/djalilayed/tryhackme/tree/main/Advent%20of%20Cyber%20'24%20Side%20Quest/T2%3A%20Yin%20and%20Yang
I spent so much time messing around with the /console + pin, discovering new accounts/decoding the cookie, and I never checked the encode for the transaction ID. Thanks for posting this!
I did the same, the console took me to rabbit hole, lesson learned is to check software versions, do more enumeration to have a big picture.
❤❤❤❤❤❤
Thanks for the support
Thanks habibi!!
Thanks for the support
Thanks bro, I was stuck on Task 6 because I forgot you can inspect webpages lol.
Thanks for the support, glad video help
THANK YOU !!!
Thank you for the support
What is criteria of wining cash prizes
there is no cash prizes, and all info on the link, you can read about it tryhackme.com/r/room/adventofcyber2024
Brother tell me how can I register on. Advert of event cyber security for cash prizes
TryHackMe advent of cyber is free, you can start it tryhackme.com/r/room/adventofcyber2024
root@ip-10-10-254-248:~# ssh '<?php system("ls"); ?>'@10.10.248.63 remote username contains invalid characters can u help me and why i get that
i still can not understand it even with the explication!!! what is the role of # ? and what if we change another character to his ascii code ? for example putting %3F instead of %23 ! would it work ? plz i need more detailed explanation about this trick and thanks.
I'm new to THM and completely don't understand this part. Thanks for your explanation.
Thanks for the support, glad video help
Google 2FA authentication Bypass video
Hi, I do not get you here, what you mean?
Thumbs up for liking Vim over nano
I always use vim!