The .microseconds field of the datetime.timedelta object doesn't give you the time in microseconds. It gives you the microseconds part of the time. That is, if the first request took 1 second and 150 microseconds, while the second only took 150 microseconds, they would both have r.elapsed.microseconds == 150. You got lucky with your code :)
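An added example (not the commenter's code and not code from the video) showing the difference the comment above describes, using constructed `timedelta` values in place of `r.elapsed`; the sample timings, the 0.5 s threshold and all function names are assumptions made for illustration:

```python
from datetime import timedelta


def subsecond_part_us(elapsed: timedelta) -> int:
    # What .microseconds really returns: only the sub-second component
    # (0..999999). Whole seconds and days are silently dropped.
    return elapsed.microseconds


def total_us(elapsed: timedelta) -> int:
    # Full duration in microseconds, using exact integer division.
    return elapsed // timedelta(microseconds=1)


def slow_requests(samples, threshold_us, measure):
    """Return the labels whose measured duration exceeds threshold_us."""
    return [label for label, elapsed in samples if measure(elapsed) > threshold_us]


# Constructed sample timings standing in for r.elapsed values.
SAMPLES = [
    ("fast", timedelta(microseconds=150)),
    ("slow", timedelta(seconds=1, microseconds=150)),
    ("borderline", timedelta(microseconds=900_000)),
    ("very_slow", timedelta(seconds=3)),
]
THRESHOLD_US = 500_000  # assumed cut-off: 0.5 s

if __name__ == "__main__":
    for label, elapsed in SAMPLES:
        print(f"{label:>10}: .microseconds={subsecond_part_us(elapsed):>7} "
              f"total={total_us(elapsed):>8} "
              f"total_seconds()={elapsed.total_seconds()}")
    print("flagged via .microseconds:",
          slow_requests(SAMPLES, THRESHOLD_US, subsecond_part_us))
    print("flagged via full duration:",
          slow_requests(SAMPLES, THRESHOLD_US, total_us))
```

With `.microseconds`, the 1 s and 3 s responses look as fast as or faster than the 150 µs one, so a timing comparison only works by luck when every response stays under one second.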
I have a question, we had LFI and if we upload the shell we could check for upload file name using it, why spend time to create php code to figure out the name?
I have noticed you always scan the top 1000 ports only. What if there is a service that is not in the top 1000 list? Isn't it better to scan all ports -p-? Yes, it will take longer but there is no chance of missing a port.
He does that too in the background usually. He doesn't do that when he already finds a good enough attack surface to work with using the default nmap scan range
It's funny that you say "it supports recursion, that's good" because years ago I think you were saying dirbuster's recursion takes way too long and you didn't like it
You are the best trainer🙏 🇮🇳
Great box and great video as always! Love how you approach and explain everything!
no joke, this is really realistic. I found a 0day for a dating CMS with exactly this fault 😂
Just wondering if you could have written some PHP code to the access log, and have that file included to get RCE.
how did you not even check if that password is valid for admin login 😅
What's going on YouTube, this is John Hammond.
A request. Can you make a video on how to create our own machines and also if possible how to submit them on htb.
Great writeup as always! ❤️
ippsec always good timing
include('shell.jpg') in php. What about .asp/.aspx?
Why didn't revshell and curl work at first in image/upload url??
Firewall rules preventing it
I wonder how, wonder why??
❤️
Please increase sound