Great work John! This continues to be my favorite YT channel.
Quite simply the best, hands down.
Literally
I love the CTF videos please keep them coming.
Always good
This guy is a wizard!!
Talking about Snyk, you know what would be fun? Finding a vulnerability in Snyk that you can exploit to actually inject vulnerabilities into applications, into your code
Biggest menace comment i've ever seen
the content you put out is just out of this world. i follow many hackers but you are out of your league bro
You could also use rlwrap before your nc command to get a somewhat better shell out of the box
I remember Ippsec used the same Snyk payload in solving Noter from HTB 😂 good work John
Love your content always 👌🙏
I just discovered this channel, fantastic🗣️🗣️🗣️🗣️🔥🔥🔥🔥🔥🔥
Love these videos
Excellent work
Awesome! I didn't know about this before. It's the first time I see an RCE with an XSS and an SSRF with the same XSS. Great job dude! :D
Awesome video, thanks.
One of my boxes in hackthebox called "Noter" had the same vulnerability!
Legend Hammond
I am already using it, thanks
Thanks John , nice work
What an amazing video!
This was dope!!! So funny I am watching and don't have a clue what you were doing but it was fun watching..... makes me want to become an ethical hacker and move from my network position.
after almost 30 years of playing with linux CLI, I learned about ^L ... I feel stupid lol
and nice one!
Wow you solved it super quick
2:42 Hey guys, to see the code you have to click the right button on your mouse (that's the device you use to control your cursor) and select the option that reads "View Page Source" :)
15:40 aight, so I'm gonna get a reverse shell by starting a netcat listener, then using ngrok as a redirect, I will grab this bash script, set the correct variables and execute it within another bash call and done, we are in. Feel free to use stty or pwncat to get a better shell.
draw the rest of the fucking owl much? lol
I feel like if someone doesn't know how to right click they should focus on stuff a little simpler at the moment
Awesome content!
got any recommendations on how to do this but locally? without use of cloud services? want to parse pdf into markdown.
Man! I took a break from CTF and looking at this showcase, sign me up for the next CTF
I like that shirt !!
woah that was cool, i really need to do some CTFs again
what if I have a similar ctf problem but js injection doesn't work?
Thank you
Awesome 😎😎😎
Awesome
This one sounds very interesting John! Excited to watch this later.
Hey guys!
Can anyone explain to me why do we need the wrapping of the "bash" command? Why doesn't bash work on its own (or sh for that matter)?
p.s. great video :)
Ik the drill😂
so, the ---js … --- stuff does the same as …?
It's just a syntax tag (--- or ```) instead of a HTML tag
I loved it, i used to be lost on it, for now I'm ready))) thanks for all Mr John)))
Hmm, good work
Could you slow down you're going to quack... lmao
Gg, love the videos. Keep up the great work! ^_^
Curious if you could use this to trigger a MSF payload that kicks off a Sliver Beacon followed by a Cursed Chrome/Edge remote debug session?
🎉🎉🎉
First here. Awesome video keep it up
O .O great
this is cool...
Cool ☠👻
Very Snyky of you to use that Snyk vuln DB John! 😉 Fun challenge, I remember doing a very similar one on some other CTF or maybe TryHackMe once.
👍
Awesome
Hi
I have a question
Unfortunately I am getting electrical engineering [due to a f*ck education system]
But I want to become a cybersecurity analyst
Is it acceptable if I do my btech in electrical and after that
Will I be able to get into cybersecurity field
John the ripper
Ayeeee
OP
people commenting without watching the video
CTF challenges where the answer is the first result on google.
YAWN.
This ain't a CTF, it's a skid playground.
Hey John, Are you coming to black hat event in MIDDLE EAST AND AFRICA, located in Riyadh , Saudi Arabia on 15-17 November 2022. You should cooooome!! I want to take a pic with yaa :p
John, considering cutting your hair? haha. just asking >#
I think it would be better to solve the challenges live, so we can see your thought process, as opposed to knowing the solution beforehand
Oops
You have not replied to my email..!
You can use pdf-parser
To get information about pdf
And to know if it contains malware
CVE-2010-1240
Adobe reader v9.x/8.x
$ pdf-parser evil.pdf | grep exe
Result be like
/F (cmd.exe)
Then it's a malware