Відео

Welcome!

Web fundamentals, how things work/how things connect etc. Web languages, html/javascript/php,java, c#, NodeJS,python etc Web frameworks/platforms, Laravel, wordpress etc. Web security, implications, what can lead to what, risk, impact, what you can leverage etc.

@@SecAura Excellent! Thank you, brother. I just started a course on php and MySQL databases. I’ll continue with that, then move on to NodeJS and JavaScript 😊👍 . Do you think it’s worth doing a full stack Web development course? To learn the fundamentals?

Any time Eagle <3

No problem! - glad youre getting through the videos!

Glad it was helpful! - I tried! :)

My pleasure!

I am planning on it, just been super busy with work :) - But some is in the pipeline!

@@SecAura Excellent! 😊☺️👍

yes totally! they have a couple academy challenges for these areas - academy.hackthebox.com/ - and some of the boxes(including my web htb series have some great oportunities to learn web! :)

@@SecAura Excellent! I’ll check them out. Thanks! Basically, i’m trying to get my skill set to the OSWE level using free resources. I would love to do the course. But i’m a bit broke lol, so i’m trying to build a poor man’s version with free resources, like hackthebox, and so on. So, i’m trying to identify the best resources to achieve it 😅…

Tis' a great mouse :)

It's not a dumb question at all! - So I'm not sure I follow your question, but basically SQL injection resides in the query, we are effectively appending/manipulating the SQL query to make it do something else than it was originally written to do, such as instead of give us all the usernames given an allergy, as I show in this demo, I am able to inject additional SQL into the query which is THEN sent to the Database, and make it instead give password for example - the attack is inside the query, not the database itself. In terms of seeing the result, well it depends if the application returns the user requested data, in demo 1, standard SQL injection, names are returned based on allergy search. You can manipulate the query and make it give us passwords. But in the second demo - Blind SQL Injection, you are only given a true or false if the data was returned at all/without error, so you have to work off how the app behaves, and imply the truth based on what you know to be true/false, often why i prefer to call it implicit based SQL injection. Hope this helps! But if it doesnt, then please rephrase your question and I will be hapoy to answer it :) Thanks for watching, happy hacking!

@@SecAura I understand that, but where can I see the result? On terminal, the website, source code or an app 😂😂. Thanks for helping!

Thanks! Hope you learnt something :)

❤️

Hahaha ooo someone who got the GENSHIN references! Wasn’t sure if they were noticed! Haha tell that to the UA-cam algorithm ;) I try <3

Yea! I plan to upload this to GitHub! @SecAura:)

Thanks so much! I am trying my best! <3

Sure! Ill do a dedicated video on SQLMAP in the SQL series :)

I very much plan to make to this standard and more! Any topics you would like to see covered? :) - I was thinking in terms of web apps, XSS, or maybe in the ActiveDirectory realm of say Kerberoasting ? etc. ideas welcome! and thanks! Im glad you like it!

@@SecAura please make a series of OWASP top 10 vulnerability.

You're welcome! - Hope you enjoyed!!

No problem !!- Hope you enjoyed!!

you are 💯

hahaha hope it can live up to your expectations!!! I tried my best!! :D

@@SecAura can say it exceeded expectations was well worth the wait

Thanks LordZap!

Thanks dude! <3

Yes! Just been getting the odd CTF video out where I can! More stuff to come!

Thanks MasterGaming! :) - The github for them is in the desc. or you can goto here - github.com/SecAuraYT/HackTheBox/tree/main/helperScripts :) Keep studying dude, youll be a cyber beast in no time <3

Hope you enjoyed <3

You’re welcome! Hope you enjoyed:)

Hey MasterGaming, it's going great thanks! Yourself? That's a great idea, and something I've wanted to put out for sometime! I too remember some time ago, googling this exact thing to learn more! My best advice to learn this type of thing is really to read windowsy CTF writeups, my suggestion is reading/watching the writeup for the below windows AD boxes (I link ippsec's videos as he has great coverage of the points): ua-cam.com/video/mr-fsVLoQGw/v-deo.html ua-cam.com/video/IfCysW0Od8w/v-deo.html ua-cam.com/video/uLNpR3AnE-Y/v-deo.html ua-cam.com/video/ob9SgtFm6_g/v-deo.html ua-cam.com/video/HTJjPZvOtJ4/v-deo.html ua-cam.com/video/Jg_BjkxdtsE/v-deo.html ua-cam.com/video/eRnqtXwCZVs/v-deo.html ua-cam.com/video/YVhlfUvsqYc/v-deo.html ua-cam.com/video/VVZZgqIyD0Q/v-deo.html ua-cam.com/video/Ro2vXt_WFDQ/v-deo.html I link the AD boxes, as theres lots of AD bits in here as well as windows bits :) I recommend you watch the video, then the next day, or some time after you then complete the box... this method will allow you to know the rough steps, but force you to use your brain to do the execution of such steps, rather than straight copying the video/writeup :) Thanks for your suggestion, i have added it to my video planner :)

That sucks dude! But you’ll get it next time!! Make sure to really smash out the challenge machines they give you! They help a bunch! So glad my content can help:)

My pleasure! :) Hope it helped :)

So glad you find it helpful! :) Yes I have plans for more web fundamentals and have all the parts for a comprehensive SQL injection video, I just wasnt happy with execution of it, so i have put it on hold till i am happy and less busy with work/certs! Have you any content suggestions for the web fundamentals series ? :) - or anything similar. ευχαριστώ / Thank you :)

@@SecAura I appreciate the time and effort you put in these videos,especially if you are busy with work/study for certs, thus I believe it will be better if I leave the subject of the videos up to you. :) Παρακαλώ! Greek?How come?

Thanks man! Slowly getting back into it! Really hoping to release some proper content soon :)

Haha thanks Harshil! - I am hoping to get some proper content out soon when i get time! Hoping to get something that really helps grow my channel, as its exposure its so small right now! But I am grateful for people like yourself who value my efforts despite my small channel :) Thank you for you loyalty :)

Hey MasterGaming, I don't plan to stop! :) Just been very busy with work/certs the past month! Thank you for your motivating comment and loyalty to my channel :) - It's appreciated! <3

Hi, no! I am uploading secet.htb now! Sorry for the lack of videos, been busy with certs/work! Will be back on track soon with weekly videos :) Thanks for your loyalty :)

@@SecAura 🎉🎉

Soo glad you liked it! It was honestly one of my fave boxes! You did an awesome job of creating this challenge! <3

Glad you liked it! The stuff I teach in this series is very close to the real deal, so I really hope it helps you! If I recall correctly, you were allowed to use the internet, but they monitored your screens so Im pretty sure youre allowed to use shells off the internet, but to be honest, you will only need a handful of shells i.e a linux NC + bash/python rev shell code. Windows invokeTCPreverseshell Nishang, or a reverseshell.ps1 code, or what I did, and download a php file that drops a rev shell and then run it via apache. This is a great resource: book.hacktricks.xyz/shells/shells/linux Also you can use my tool that spits out some rev shell one liners :) - github.com/SecAuraYT/HackTheBox/blob/main/helperScripts/shellz

@@SecAura Thanks man! I look forward to more content! Keep up the good work!

Thanks for the support Harshil :)

Haha indeed!! did you do the arp capabilities priv esc?;)

@@SecAura I've watched ippsec talked about it, unfortunately i didn't have the chance to do the box :(

Youre welcome! Hope you enjoyed!:)

Glad to see something peaked your interest :)