heyy John, I've been watching hours of your content and I think this is the right moment to leave a comment.
I really love your videos and especially the rhythm and the way you say everything that goes through your mind
I'm still kind of half a noob at programming but listening to you thinking and testing stuff is way more enjoyable and inspiring than boring tutorials
Thank you for sharing your knowledge, I wish you the best from France
-A random dude that learns and devs web and python apps in his bedroom at parents'
John, I've been subscribed for years and was really big on your channel about early last year. I fell off because of school and other stuff, but tonight I sat down and watched the whole thing through, which I normally never do with any YouTube video. Now my itch is back and I want to get back into CTFs. Thanks for sticking around and for the constant flow of informative, engaging content.
Love your vids man, teaching me to be a better programmer and problem solver...thanks for sharing your brain and time.
I found your channel many months ago through these kinds of videos, and here I am, still watching these videos.
"Werkzeug" is German for "tool". Watching you is so interesting and helpful, love your videos. Greetings from Germany.
Just wanted to send this information too... In Germany we say: "dEr FrÜhE vOGeL fÄNgT dEN wuRM."
I'm 100% using "That floated my fancy" in my day to day conversation from now on.
opening a totally new world with you man, excellent
Love the videos, there is always so much to absorb, I love it. You're probably aware of this one, but when you get code output that's all jumbled,
rather than trying to split the code up, which works no doubt, it just seems quicker to run it through an online code beautifier. Some code editors might have an auto beautifier. They have them for most of the code languages.
They don't alter the code, they just make it human readable: put the tabs in the right spot for Python, or other code types. They also add color for more complicated code, which is a nice touch.
That's why I always run the web server as a low-privileged user and set all permissions on files as read-only (for the web server user).
Anyway as always thank you for sharing the knowledge!
As always, amazing video. Thank you John.
Would be interested to see a CTF where you are to attack a Spring Boot Java application. Love the videos BTW!
No chapters in a 40 min video 😱 This was a great challenge! Nice to see the extra exploration of SSTI, I just replaced one of the Python files with a modified version containing some friendly (totally non-malicious) code 😈
I am your great fan, John,
I have learnt a lot of stuff from your vids
Sublime allows you to open an entire folder at a time so that it's easier for the viewers to follow along on where you are in the file tree
well done as always! Thanks.
Since it was running as root, could have just injected a python script to give you reverse TCP and it should be a reverse shell running as root, correct?
impressed and subscribed
Can you tell us about the Cyber Santa is Coming to Town (HackTheBox) challenge?
That tickled my boat
I love pretending like I know what's going on.
*internal screaming*
If that's Difficulty 1, I'm curious what's involved in the 4-star problems.
As a hypothetical, if you were to engage this type of web app in a black box situation, how would you go about identifying the Zip Slip vuln on this machine? I'm having trouble wrapping my head around how to look at CTF boxes from a scope of work type of perspective. Do most of these types of vulns only get discovered in situations where you're allowed to audit (via source code or some other grey/white box situation) that this app is mishandling TAR and such? Sorry if that's a complex question. Love your videos. Thanks for all you do for this community.
At about 1:50 he views the source of the webpage (all web browsers can do this, how would they display a webpage otherwise?) and at the bottom (in this case) is "/static/js/main.js". One could copy-paste that relative path into the browser's address bar to view the file. The contents of this file would be the same as at 11:50, where he finds the TAR mishandling code and the "/api/unslippy" POST URL. As for the SSTI, he finds the server type in the request headers in the browser dev tools (3:18).
All this recon solely through the browser, no special tools needed. The only additional info possibly needed would be experience.
Class Pickle??!!??!! That better damn well be a DILL class!!!
Look near his image at 34:00
How did you find that file? I want that file. Where can I get that file or information? Please reply.
When's day 2?
Hey man... can you please share the downloadable files (Dockerfile, app source code etc.) from the challenge?
Is StackOverflow really for anything Other Than new bastardized code?
Lmfao I'm sorry to laugh... I saw "bastardized" and almost spit my drink out
I loved how you were analysing the source code, are there any tutorials for that?
start writing code
Learn how to code? You can't really reverse engineer if you can't even forward engineer.
Right Indeed, thank you guys!
welcome back cyber sct
So cool
why are all these unlisted?
2 days ago?? SUS
Dark magic...
Ya know... the thing that actually bothers me deeply is:
'Why the hell... why the bloody hell is directory climbing ALLOWED?'
Preventing the ' .. ' would seriously nix the 'slippy' faults, and a lot of the injection exploits?
-- I'd also be very wary of how I allowed updates & debugging, let alone enabling some read-only access to the web server to key script files.
it helps in exploiting LFI
@SumanRoy.official isn't that malware design?
My point is, why is it even allowed when there should be no valid use of it in public sector use.
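The thread above asks why `..` climbing is allowed at all in the video's TAR handling. As an added example (not code from the video, the challenge, or the channel), here is the defensive check an extractor should apply: every member name is resolved against the destination and the whole archive is rejected if any member would land outside it. The archive is constructed in memory for illustration; `safe_extract`, `is_within` and `build_tar` are names chosen for this example.

```python
import io
import os
import tarfile


def is_within(base: str, target: str) -> bool:
    """True only if target resolves to base itself or somewhere below it."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return target == base or target.startswith(base + os.sep)


def safe_extract(tar_bytes: bytes, dest: str) -> list:
    """Extract an in-memory tar into dest, refusing the whole archive if any
    member is a link/device, has an absolute name, or climbs out of dest.
    Returns the member names extracted; raises ValueError on a bad member."""
    os.makedirs(dest, exist_ok=True)
    # Newer Pythons ship tarfile.data_filter; use it as a second layer of defence.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        members = tf.getmembers()
        for m in members:  # validate everything before touching the disk
            if not (m.isfile() or m.isdir()):
                raise ValueError(f"refusing non-regular member: {m.name}")
            if os.path.isabs(m.name) or not is_within(dest, os.path.join(dest, m.name)):
                raise ValueError(f"refusing member outside destination: {m.name}")
        for m in members:
            tf.extract(m, dest, **kwargs)
    return [m.name for m in members]


def build_tar(entries: dict) -> bytes:
    """Constructed test archive: mapping of member name -> file content."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in entries.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed samples: a benign archive and one carrying a '..' climbing member.
BENIGN_TAR = build_tar({"notes/hello.txt": b"hello\n"})
SLIP_TAR = build_tar({"notes/ok.txt": b"ok\n", "../../overwrite_me.py": b"print('oops')\n"})

if __name__ == "__main__":
    print("benign:", safe_extract(BENIGN_TAR, "zipslip_demo_out"))
    try:
        safe_extract(SLIP_TAR, "zipslip_demo_out2")
    except ValueError as e:
        print("blocked:", e)
```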
Malloc?
didn’t even get a reverse shell into the container, very disappointed
Where can I learn cybersec from scratch for free? (sorry for my English)
On this channel ;)
I think it depends on how familiar you are with Linux/Windows/Networking/Programming. I’d build a base with those then try to venture out.
2nd comment
Is it only me or is there something weird with the sound?
How is this supposed to be beginner level?
Don't get the exploit. It's just normal POSIX behaviour? lol
I posted the phone number Melissa Vicky Stevenson and Jimbo identity thefts scammers ask to call me
God damn. Those soy face thumbnails are really an eye sore in my suggestions...
Finally gotta unsubscribe because of the thumbnails.
Anybody know why changing info.mtime makes it work?
Great video, thanks for sharing!