You could also have injected the single-quote using a tilde because it's later replaced with a single-quote.
Wow, watching you dive into the world of hacking and database dumping is both fascinating and nerve-wracking at the same time! Your expertise is truly impressive, and I appreciate the way you break things down for us mere mortals to understand. As someone who is always looking to expand their knowledge in the field, your videos are a must-watch. Keep up the great work, John!
Always a good day when you get a John Hammond notification
My initial thought was to use a tilde instead of a single quote character in the injected data because all tildes will just end up being converted into a single quote on line 17.
That comment left by "Gamerboy80" might actually be a reference to a YouTuber by the same name, gamerboy80. He's a somewhat popular Minecraft YouTuber, known for his Bedwars. I wonder if he was put in on purpose, or if it was a coincidence.
And now tell me that a hacker doesn't have to be a programmer... Awesome stuff!
This is exactly what I said. Whoever says programming isn't important is just lying because they can't program themselves.
Your practical run-throughs are super helpful and well explained. Do you do a single take on the fly, or are there multiple takes?
Even someone brain dead like me can follow it 😅. Thanks man.
The python multi-line comment trick was really clever!
24:40 I think Python3 is enough for now, we don't need Python4 yet...
Really enjoyed watching the video,
Good work!
If /* is banned but you are able to inject single quotes, you can do that without multiline comments or spaces: 'or'1'='1'-- . The single quotes work as spacers between the tokens too.
I'm finally getting to a point in my understanding of python to be able to follow this
Dang, nice vid, LA CTF was awesome!
This is 100. I'm studying for the OSCP; do you have a pre-OSCP guide playlist?
I think you could also have replaced the backslashes in your query with a tilde and you will get a single quote at the end because every tilde is being replaced by a single quote in that function.
Hello John,
Today I found out that you will be at Rootedcon in Madrid (Spain). What great news!
I look forward to greeting you in person and having a few beers at the booth of my company, which is a diamond sponsor of the conference.
You are a total crack, total pro!
Keep it up, dude! You help us so much!
The conference says that it is in Spanish lol, is that right?
BR
Gamerboy80? He's gone from playing bedwars to hacking?
Yet another amazing video. I'd seriously pay for some private lessons by you 😂
5:50
Lysdexics of the World Untie!!
Much appreciated for sharing with us and teaching us always, sir.
What is eye-nit? Eye-nitialisation?
You make it look so easy!
Very good video! Thanks
Awesome video, thanks John
Thanks for this showcase!
GJ! Just wondering, why didn't you start your own online academy courses? I would definitely purchase.
Knowing that the decode function replaces a ~ with a /', could you have just injected your command as ~ or 1=1 --?
Maybe ascii85 doesn't have '~' or doesn't allow it at the beginning, something like that.
That could be true because ‘~’ is the last printable ASCII character
In real life, how would you go about getting the source code?
I imagine it would be protected behind security, which, if you could break that security, you would have access to the full database anyway and basically access to the whole website?
Maybe you were able to download the code and the security team kicked you out of their server before you got the db.
Or you could have hacked the dev and now you want to go further by getting the production db
There are a lot of projects that use databases. Many are open source.
SQLite is also often installed as part of a larger program a user (like an accountant) has access to, but shouldn't have access to the whole database, just least privilege. The program should run parametrized statements and only return data the user should have access to.
A point John did not go over here, because it was not the topic of the video, is the importance of encrypting any sensitive data. Just in case someone does dump the database.
Excellent
gamerboy80 the bw player let's go :D
John Hammond: like the scientist from Jurassic Park. Ha ha
❤❤❤
John never ever lets you down
I think in the real world you just ban direct concatenation instead of using filters. Am I not right?
Always great quality content... Love these, especially my favourite SQL injection ones 👌
Why don't we just replace the injectable query with a parameterized one like all the others? Another question is about the hash %).
What's the lesson here? Don't reinvent the sanitization function wheel?
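The thread above (the tilde-decode remarks, the "just ban direct concatenation" and "use parameterized queries" comments, and the "don't reinvent the sanitization wheel" question) is easy to see end to end in a few lines of Python. The following is an added example written for this thread, not code from the video or the challenge: the sanitizer is a hypothetical one built in the spirit of what the comments describe (strip the banned characters, then decode ~ to a single quote), the user table is constructed sample data, and the two login functions contrast the filter-then-concatenate pattern with a bound-parameter query against SQLite.

```python
import sqlite3

# Constructed sample data for the demonstration; none of it comes from the challenge.
SAMPLE_USERS = [
    ("alice", "correct horse battery", "admin"),
    ("bob", "hunter2", "user"),
]


def build_db():
    """Create an in-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def hand_rolled_sanitize(value):
    """Hypothetical filter modelled on the comments above: strip the characters the
    author considered dangerous, then run a decode step that turns every '~' into a
    single quote. The decode step runs after the filter, so the filter never sees
    the quote it produces."""
    for banned in ("'", "/*", "*/"):
        value = value.replace(banned, "")
    return value.replace("~", "'")


def login_concat(conn, username, password):
    """Vulnerable pattern: sanitize, then concatenate the result into the SQL text."""
    u = hand_rolled_sanitize(username)
    p = hand_rolled_sanitize(password)
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{u}' AND password = '{p}'"
    )
    return conn.execute(query).fetchall()


def login_param(conn, username, password):
    """Fixed pattern: the SQL text is constant and the driver binds the values,
    so the input is only ever compared as data and never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    payload = "~ OR 1=1 --"  # the tilde trick discussed in the comments
    print("concat  :", login_concat(db, payload, "wrong"))  # every row comes back
    print("param   :", login_param(db, payload, "wrong"))   # no rows
    print("param ok:", login_param(db, "bob", "hunter2"))   # exactly one row
```

The point of the contrast is the one the thread makes: a blocklist is only as good as the author's model of every later transformation, whereas a bound parameter never reaches the SQL parser at all, so there is nothing to filter. Pair that with the least-privilege and encryption points raised earlier in the thread, and a leaked query is far less damaging even when it happens.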
Hello John. Which CTF-website is this?
This is LACTF, some of their challenges are still up and available for the week, but the game finished last weekend :)
@_JohnHammond thanks for the mention. On an unrelated side note, I see a major lack of pentesting, auditing/code analysis of open-source projects. There is almost a blind belief in open-source security & safety. Android custom ROMs & FOSS apps are my biggest concern. Most don't patch on time, don't adhere to the Android CDD security spec, etc. There's a fast-growing user base of these & its promoters are too focused on the opensource = private idea. We need a reputed, unbiased, 3rd party without any conflicts of interest.
Would you be up for a challenge to test the most popular android ROMs, repos & apps like graphene os, fdroid, microg, aurora store etc? Test if they have backdoors, vulnerabilities, malware, their security practices, or whatever.
You may be the first YouTuber to do these tests!
Just so you know, unless I'm missing some inside joke, it's not pronounced inet... it's pronounced innit. Like in initialise.
Keep going ✅
Great vid as always, John
How could you know? You commented the minute it was published. (It was good though, good job John.)
Bro, make a video on how to decompile the latest marshal bytecode of Python 3.9, 3.10, 3.11
Hello, do you think you could analyse a video game cheat?
👊💪💪💪
What ctf is that?
I’m Gamerboy80
sql injection perhaps.
John, this is the grammar and pronunciation police. You may not have seen my previous comment, but this is strike two. I have now cited you for not only pronouncing tuple "toople" but also pronouncing init "ine-it". I mean, come on, it literally stands for initialize. You're gonna give me an aneurysm, lol.
You look like Justin Roiland
3rd
62nd
2nd comment
1st like
I don't get why people watch this guy. He goes on a lot of rants but never ends up 'cracking the code' when analyzing the code of those hackers. Essentially, he doesn't know anything. Waste of time.
This video is the pure example that you can't be a penetration tester if you don't know how to code. You have stupid people trying to convince others not to learn how to code so they don't feel alone.
If you know how to code, 99% of the time you will get a bug. You can't find bugs if you don't know how to spot a vuln in source code.
I love it when you also tell us what each command means and how to use keyboard shortcuts.