good job man im starting love u hhh . but i need to repeat the video many times to understand well because as i said before English is not my native lang😭 but thank u so much 😍
Exceptional content, learned a lot, thank you so much. You are amazing bro 👏 Two things I am confused with the POST request at 17:36 1. Why & How did the Token worked? Normally it should get expired once it gets used, right? Also, if this is the case, then how can I dynamically get the token from the webpage & use it to submit the account creation request. 2. You spelled submit incorrectly, still the form got submitted. Why & How?
PinkDraconian is no longer with us but I 100% agree, he's an amazing hacker and created some awesome video content for us 🥰 I didn't solve this machine but for (1) I would hazard a guess (without watching the full video) that the CSRF token either a) doesn't change (intentionally vulnerable) or b) the token resets on each refresh, but the page isn't refreshed before we use the captured token. (2) is probably that a POST request to /accounts container a username and password is all that's required for authentication. The "sumbit" parameter is set to "pinkdraconian" as well, which wouldn't really make sense.
I got a 200 response when send the payload, but i didn't received nothing in the server side. Can u help me with this ? I've tried it a lot of ways, with Python server, ngrok, webhookers, netcat, using other ports,etc.. But i never receive the resquest in the server side.
You are so good dude, it is so easy to understand even for someone new in this industry like me
Thank you! That's always nice to hear! Good luck in this incredible industry!
Awesome work man.
I'm Brazilian and even so it was super easy to understand your explanation. Thank you very much man.
Glad to hear that!
Wow man! So simple to understand yet so informative. Awesome work man. Keep it up.
Glad you liked it! Way more videos to come! 😀
Very nice! Very easy to understand. Thanks!
Glad it was helpful!
man that was really insane
😏
Super well explained.
Glad it was helpful! 🔥
Awesome, mindblowing, thank you ! keep it up !
Thank you! Will do!
Awesome work man.
Thanks a ton!
Its good that draconian is getting a platform!
We are glad to have pink draconian on the team 😇
Awesome work
Thanks a lot 😊
good job man im starting love u hhh . but i need to repeat the video many times to understand well because as i said before English is not my native lang😭 but thank u so much 😍
Hey, no problem! That's how you learn.. even when videos are in my native language, I often have to repeat many times to understand 😂
@@intigriti thanks i got ur point hhh 😂
amazing and simply one
🙏🥰
Amazing Video !!!
Thanks! 💜
Exceptional content, learned a lot, thank you so much. You are amazing bro 👏
Two things I am confused with the POST request at 17:36
1. Why & How did the Token worked? Normally it should get expired once it gets used, right?
Also, if this is the case, then how can I dynamically get the token from the webpage & use it to submit the account creation request.
2. You spelled submit incorrectly, still the form got submitted. Why & How?
PinkDraconian is no longer with us but I 100% agree, he's an amazing hacker and created some awesome video content for us 🥰
I didn't solve this machine but for (1) I would hazard a guess (without watching the full video) that the CSRF token either a) doesn't change (intentionally vulnerable) or b) the token resets on each refresh, but the page isn't refreshed before we use the captured token.
(2) is probably that a POST request to /accounts container a username and password is all that's required for authentication. The "sumbit" parameter is set to "pinkdraconian" as well, which wouldn't really make sense.
I've just subscribed looking for more fire content like this in the future
Thanks for the sub! There is pleeeeenty more to come 😀
Great explaining I hope you do a lot like this video, Thanks
Thank you, I will
wow, great video :)
Thank you! 🙏🥰
Awesome
Thank you! 💜
Awesome! 😉
Thanks! 😄
I got a 200 response when send the payload, but i didn't received nothing in the server side. Can u help me with this ? I've tried it a lot of ways, with Python server, ngrok, webhookers, netcat, using other ports,etc.. But i never receive the resquest in the server side.
Is everything else set up correctly? Could you maybe make a video or blog to show?
Awesome, very informative
Thank you very much! We are happy if you like it 😎
Not sure why but the second payload is not returning anything except a 200 response.. the first one worked just fine
Weird, did you end up figuring it out?
@@intigriti I did indeed! It was a mistake on my end. Thank you for the reply
I love the content.
🙏🥰
Reflected xss to RCE ?
That won't be possible, afaik9
16:00 CSRF token are not stored as cookies!
Thanks for pointing out this mistake! My bad!
thanks
You're welcome!
SECURITY
HACKING