Це відео не доступне.
Перепрошуємо.
This FFUF secret trick everybody need to know | Bug hunting poc
Вставка
- Опубліковано 28 чер 2024
- // Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing & bug hunting so that we can protect ourselves against the real hackers..
I love when i open youtube and see a new upload from Lostsec in my notifications!
☺️🙈❤️🫂
Hey Coffin, nice Fuff stuffs! Sending mental fist bumps
Bro gta 5 fan 😂
🤭❤️
Also pubg
@@sgowtham28 me too 🌟🌟💥💥
Congratulations for 10k buddy 💗🎉
thnq brother ❤️🤗
Great content 🎉, can you please do video for methodology when u find login pages how u work with that... Thank you 🙏
sure
I was waiting for this video..
Thanks bro..❤❤
❤️🤗
Can you please add caption according to video in your next videos.. this may help a lots of begginers
Bro, for bug bounty i need to learn the entire javascript , which are the parts i have to learning if anything I'm missing or extra please add it.
Thanks a lot for sharing u're knowledge to the community god bless you❤
just focus on owsp top 10bugs
@@lostsecc thanks bro
You de Man Mate🔥🔥🔥🔥🔥🥰🥰 U deserve Million Likes Bro💯💯💯💯
🙈❤️😇
@@lostsecc Wana Say Love U man💯 Your Xss Payload Worked for me mate. Waiting the outcome of my first H1 report. Your magic Works Bro♥️♥️♥️
Hey brother can you please share a xss pdf ?
i shared in my telegram channel bro
Hell Nah!!! . Bro got a official song too 💀💀
🤭🤭
What if the passwords shown are salted? How can you be sure they are real password? can we decrypt them or try logging in with them?
Great work bro. Learning so much from you!
use johntheripper tool with rockyou list
I know this is off topic: but to everyone running wsl2 in windows: I was able to install run Ubuntu 24.04 wsl2 on W11 bare metal host (the only way it works) but Kali wsl2 didn’t want to install: but: Any of you tried Running latest Ubuntu as your host and a kali VM inside virtualbox? That is where I have had the best luck. Was just wondering anyone else’s experience.
same url but when i give -mr for matching regex it wont give me anything!! where when I remove -c -mr "root:", it brings me result and then I have to filter it with size:1226.
why not working with -mr???????
make sure you have installed all tools used in this oneliner
@@lostsecc i have all the tools gf , waybackurls.. this ffuf cmd don't show anything with -c -mr without it its working
@@lostsecc why this -mr is not working i have followed same process and checked it 4 5 times still -mr not working
send me screenshot in telegram
Please check dm
عنجد بحب طؤيقتك بالشغل
you are great bro 😎
thnx man ❤️☺️
you could use burp intruder for this attack? Just wondering. Congrats on 10k!
yes u can but ffuf is so fastt and some more cool features
Yo man why you still rockin' Burp 1.7.13? Got a special reason or you just old school like that?... xD
its light weight and dont freez like latest burpsuite memory full problems ...
on my linux gf command not found, how do I do it? 🤥
you need to install gf pattren
I am following you. Good luck, my friend❤
🤗❤️
@@lostsecc What's the payloads/lfi.txt
I like the image you have for the background of your terminal.Please share the link😅
dm me in telegram
@@lostsecc okay
I don't understand ;-;
gf: command not found
urldedupe: command not found
waybackurls: command not found
you need to install all these commands
But what was in the response? I didn't understand.
etc passwd
Hey man, great content!! :) quick question, is ffuf better than intruder to test for lfi, etc?
yes it has very high speed threads mode+regex
@@lostsecc got it, will give a chance here! Thanks
Hello Brother I got this error whenever i tried to install GF tool i tried every method still i can't get solution
fatal: not a git repository (or any of the parent directories): .git
dm me in telegram give anydesk id
@@lostsecc Yes i did kindly check your DM
alert("1")
see the above comment is not filtered in the source why doesn't it run?
bcz of csp and all other protection and server side encoding..
how do you set a background image and logo on your terminal please coffin?
its option in window terminal download it from microsoft store
@@lostsecc Okay i did that , but when i duplicate the tab , the background dissapears :( and show another terminal not the usual one
Hey, Mate. How did you install URLdedupe on Windows 11???
just paste binary in /usr/local/bin
we need more from you...❤❤
sure ❤️
We can't use this trick for other attacks like the xss by changing the payload list Am I right?
you can try ssti by regex 49
@@lostsecc ok I am new please please could you elaborate it!
can i somehow configure ffuf so it doesnt show stuff like ././././../../etc/passwd instead of just ../../etc/passwd? I mean it's the same after all
just add normal lfi payload list
Bro how you check fod xss in multiple fields in one go can you tell please
use intruder there is many options like pitchfork etc
@lostsecc can i use it at same on different location
Congrats on 10k subs.
thnq bro ❤️🤗
Awesome brother ❤❤❤
Where can I get this awesome lfi payloads.
You have set your wallpaper kali .
i shared in telegram bro
What tool do you use for this ? And what is the purpose of using FUFF in the parameter ? And does it work only in php based endpoints? By doing this WAF don't block us ?
its work in all post and get param
How do you bypass waf when dirbusting with ffuf or wfuzz ?
change the ffuf default user-agent
Osmmm || ur content nd background music 😁🥳❣️
thnq ji 🤗❤️
@@lostsecc indian bolte
Can you please share the wordlist which u used first ?
i shared in my github
@@lostsecc bro your GitHub is not showing up in the index search. It shows 404 error
Song name?
dark beach
I'm waiting on demonstration of web defacement
Hi, amazing work bro! Where did you get wordlist? Can you share the link to this wordlist and other wordlists if you can
i shared in telegram bro
love watching the vids, this one was awesome 👍
thanks mate ❤️
bro i’m dumb ngl so i might be asking sum stupid but is it possible to change the screen res of an iphone 13 on ios 18 ??
bro i never tried it so no idea
@@lostsecc i thought maybe if restoring a modified backup on your pc you might be able to change the screen res inside it but maybe apple has security measures to not let that happen? if you have time i’ll genuinely give you a 20$ visa gift card to help me find a way to do it on ios 18 beta 2, i’ll pay you first too as long as you show me that it works bro
How to you install gta 5 without virus free bro?
i download from epicgames offical site
First!!
🙈❤️
why u use old version of burp?
latest burp consume lots if ram and hangs..old one is ligh weight and give good results..
How u find theese targets.
google
We are Kings Brother. I am King you are King. Bhai Bhai
❤️
the type of vuln is path traversal ??
yes lfi also
brother why u using old burp suite
its light weight in latsst burp its consume lots of ram and hangs alot also it has spider feature that will help u more
Bro can you make video in website info gathering and enumeration how professional get deeper information about website like subdomain endpoint directories present vulnerabilitys
ok
@@lostsecc thanks bro ❤️
hi bro could share the yours payloads ... that will be help full to us
sure
Bro what happened when we got this etc/passwd file and what's name of this vulnerability
LFI directory traversal
Do you have your github?
I need XSS payloads
github.com/coffinxp/payloads
@@lostsecc How did you make so many LFI payloads 💀💀💀
what about in modern webs like MEAN, MERN ?
you can try must change default user agent before ffuf command
How do you maks this colorized shell??? 💀💀💀
install window terminal with kali wsl2
@@lostsecc im asking for this spacific style with this spacific image. Its a default?
you need to change walpaper from its setting
can u share the list of the payloads pls?
i shared in telegram and github
@@lostsecc ur github account looks like is block :(
Also: I actually thought you were Russian. I’m thinking from India though cause everyone from India seems to be running wsl2 in W.
wsl2 is lit..no faced any problem till now
i like your channel , but bro be careful , what you're doing is illegal because you're live hacking real targets and uploading it to UA-cam , also the vulnerabilities that you are demonstrating are not patched yet , i tested it and it worked , Keep going my G and Be aware 😉
dont worry bro people want to watch real targets testing not labs
you're absolutely right bro.. keep doing it ...I personally love real life
But i really saw you after a lot of time
bro finilly I found your play list in telegram Channel 😂🤝
🙈❤️
Wich version of burp do you use and why dont use last version ?
latest burp consume lots of memory and hangs so i used old one its give better results and spider feature
@@lostsecc can u give me number of version pls ?
i shared in my github check out
@@lostsecc thx bro ❤️❤️
where can i get the lf1 payload
i shared in telegram
@@lostsecc whats your telegram
@@lostsecc found it and joined your telegram thanks so much
Fantastic as always 😍
thnx mate ❤️
first commends in lfi what file and i will try but error: no such pattern
you need to install gf pattren
@@lostsecc thankyou bro
بژی شیرە کور
Whay use ffuf? , bro use jast intruder in burp
intruder dont do much this much fast and not all have burp pro
in description
check telegram bro
bro what's the appliaton u write codes on?
window terminal wsl2 kali
hey bro you still remeber me? and nice you upgraded to windows 11 and bro i want to ask whats ur age and u from where?
privacy is power 🌝
@@lostsecc 🙂
Very helpful❤
❤️🤗
Which worldlist you used?
i will share in telegram
Song title bro? I felt excited when I heard it
dark beach slowed
show all command that you do
No talk, no write. Just moving cursor. Wow
🤗❤️
Hey Great Content Can I Get that lFI payloads file?
i shared in telegram channel must check
I can't find It in your telegram channel
background sound name
dark beach
Which terminal are you using
window terminal wsl2 kali
can you share wordlist brother?
Awesome video bro!
Keen to understand how you got the first command when piped to acknowledge
| gf lfi | urldedupe
I have waybackurls working but i am not sure how to get gf to see the lfi payload
you need to install gf and its pattren i shared in telegram
Sir it possible on random urls or only php pages
all post data or get param
@@lostsecc ok sir 😊
What is the terminal u are using ? How to get it
its window terminal with wsl2 kali you can install it from microsoft store
@@lostsecc thank you 👍 ....
Hey bro can you share your payload txt file ??
i shared in telegram
@@lostsecc thanks bro
where can i get that payload?
i will share in telegram
Please give us some new nuclei-templates 🙈 (your private templates ) 🌚
sure ❤️
Bro, you are a genius 😂
❤️🙈
Yo bro can you make a video on how to start bug hunting
ok
@@lostsecc yo bro are you indian?
Bro It was very hard 😂😂
❤️🤗
Can i have lfi payload?
i shared in telegram channel
very nice video
Bros os is windows and kali mixed😅
😎
@@lostsecc how do you do that that would be really helpful
wsl2 kali
Keep it up bro
🤗❤️
amazing, Brother
thnq brother ❤️😇
Love you bro!!!
love you three bro ❤️
crazy bro ❤💯🖐
amazing bro!
❤❤
but this is illegal !!
I want word list lfi
check telegram
Pro, I searched your telegram and found it, but searching on xss payloads I did not see it
@@lostsecc Hey bro,That word list has been deleted
@@lostsecc OK, I found it
Broo❤❤
🤗❤️
someone stole my comment luv u bro
love u three bro 🤗❤️