Directory Traversal attacks are scary easy

  • Published: 11 Jul 2024
  • 00:00 intro
    00:20 primer
    01:06 simple example
    04:44 resources
    05:37 bypassing non-recursive filters
    09:27 outro
    Pentests & Security Consulting: tcm-sec.com
    Get Trained: academy.tcm-sec.com
    Get Certified: certifications.tcm-sec.com
    Merch: merch.tcm-sec.com
    Sponsorship Inquiries: info@thecybermentor.com
    Hacker Books:
    Penetration Testing: A Hands-On Introduction to Hacking: amzn.to/31GN7iX
    The Hacker Playbook 3: amzn.to/34XkIY2
    Hacking: The Art of Exploitation: amzn.to/2VchDyL
    The Web Application Hacker's Handbook: amzn.to/30Fj21S
    Real-World Bug Hunting: A Field Guide to Web Hacking: amzn.to/2V9srOe
    Social Engineering: The Science of Human Hacking: amzn.to/31HAmVx
    Linux Basics for Hackers: amzn.to/34WvcXP
    Python Crash Course, 2nd Edition: amzn.to/30gINu0
    Violent Python: amzn.to/2QoGoJn
    Black Hat Python: amzn.to/2V9GpQk
    *We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.

Comments • 20

  • @blaqsense8073 1 year ago +8

    Love your teaching.... great job and learned something today

  • @lokeshn8850 7 months ago

    Amazing teacher.

  • @CyberDTech 5 months ago +2

    Easy tip: copy all the possible directory traversal payloads, go to your Intruder, paste them there, then attack, observe the response codes and wait for whichever gives you 200k. Saves you so much stress btw.

  • @danielkibret8271 3 months ago

    WOW Really Amazing 😋😋😋

  • @wendy_113 9 months ago

    “Many thanks”

  • @lancemarchetti8673 1 year ago

    Oh yeah!

  • @j3z741 1 year ago +15

    7:32 I think you forgot to remove the 'f' before 'etc'

  • @whitehat_stanley 1 year ago +1

    I am trying to purchase the 'practical ethical hacking course' on the TCM Security website, but I keep getting directed to the order page where I have to pay for a monthly subscription. I don't want monthly subscriptions, I just want to pay for one course only. I need your assistance

    • @babayaga8663 1 year ago +1

      I think they changed from single course system to monthly subscription. They've already talked about it.

  • @fejoko7900 1 year ago +2

    Why do all people use FoxyProxy instead of using the integrated browser in Burp Suite? I don't get the difference....

    • @kexerino 1 year ago +1

      I don't really know how the burp browser works, but maybe saved bookmarks and extensions?

    • @xSkidMarx 1 year ago

      foxy proxy is an nsa honey pot so it helps our nation state improve their web attacks

    • @L337H4X 1 year ago +2

      Idk, but what is first obvious to me is probably because it's quick to switch between different ports and IPs, as you can add different profiles. Even if you plan to just use Burp Suite or just one port, e.g. 8080, having the extension pre-setup means you can just enable it by clicking the extension instead of always going to settings, searching, and finding the network settings, and then manually typing the port and host every time. Useful for people that do this often

    • @william_ade 1 year ago

      Sometimes the community version has issues

    • @trikto9120 8 months ago

      @L337H4X yes

  • @ihavelowiq2723 1 year ago +1

    3:24 Can someone say what that Windows readable file was?

  • @alejandroparrello6493 1 year ago

    Amazing Sr!! Could you show us how to test on IIS services? Or some examples where to read about?
    Regards from Argentina 🫡🙌