HackTheBox "Business CTF" - Time - Command Injection
ฝัง
- เผยแพร่เมื่อ 15 ก.ย. 2024
- If you would like to support the channel and I, check out Kite! Kite is a coding assistant that helps you code faster, on any IDE offer smart completions and documentation. www.kite.com/g... (disclaimer, affiliate link)
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/john...
E-mail: johnhammond010@gmail.com
Discord: johnhammond.or...
Twitter: / _johnhammond
GitHub: github.com/Joh...
Really enjoyed the time you took to explain this one. it's pretty straight forward, but this format would be great for beginners. love your work
this makes me want to try some of these myself
Yeah same, the problem is that Ive never done anything like that lol
Followed you up since start of the year and quality has evolved in the meantime. Keep It up📼
Just wanted to say I'm new in the I.T. industry, read A+ and studying for my Network + cert while pursuing cyber security and watching these videos and having you explain things is really helpful for me despite how basic some of these are. Just wanted to say I appreciate the content this way.
This little breadcrumbs are so essential, thanks for sharing 👌👍
Love your content John....learn more and more.....greeting from indonesia
I like the tune after the video ending
absolutely love your videos John
I love your work John! ❤️
yay john is going back to his roots
Love the CTF videos! Keep that up man!
I learned a lot from this ctf.
brilliant
Can you please tell us why it didn't work with curl or browser? And why it's working only python?
Awesome content, getting to learn some new stuff :)
The reason it didn't work in the browser/curl was because you were using && instead of ;
&& runs the second command only if the first command ran successfully
; runs the second command regardless of the first command
And since the first command is `date ''` which returns an error, the second command never ran!
?format='; whoami # still fails in the browser.
The command would run `date +''`, which doesn't error, and returns an error code of 0 indicating it succeeded. It just has an empty string for a format string :)
@@_JohnHammond I believe the reason it does not work in browser is because # is never sent to the server as it is the "fragment identifier". However, URL encoding it to %23 might have worked IMO :)
Thank you for great video as always!
Really helpful thank you
What happened to the dark web series?
Yayyyyy ctfs!!!!!!
Great video's mate.
love your videos man
That was good
u are awsome
I am first command. Holy YES!
Me first to reply you and second to comment 😏
Me second to replay and third comment
@@nizarel-marzouki9076 me third to reply and 4th to comment :)
5th. baby!!!
You may be first to command but not to comment
Love ur vids
Sir ... if possible ... please release a video on Pegasus spyware ...
Htb ca 2024 had same challenge again this year lol
hey how did u crack the password? that time it was unprotected but now password is required. actually I am new here
shebang
to the 8 people who disliked, Why?
Update your chrome
Nice try!
2nd comment because replies to comments don’t count.
3rd Comment Muahahaaaa
7th