Directory Traversal attacks are scary easy
- Published: 11 Jul 2024
- 00:00 intro
00:20 primer
01:06 simple example
04:44 resources
05:37 bypassing non-recursive filters
09:27 outro
Pentests & Security Consulting: tcm-sec.com
Get Trained: academy.tcm-sec.com
Get Certified: certifications.tcm-sec.com
Merch: merch.tcm-sec.com
Sponsorship Inquiries: info@thecybermentor.com
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: amzn.to/31GN7iX
The Hacker Playbook 3: amzn.to/34XkIY2
Hacking: The Art of Exploitation: amzn.to/2VchDyL
The Web Application Hacker's Handbook: amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: amzn.to/31HAmVx
Linux Basics for Hackers: amzn.to/34WvcXP
Python Crash Course, 2nd Edition: amzn.to/30gINu0
Violent Python: amzn.to/2QoGoJn
Black Hat Python: amzn.to/2V9GpQk
Love your teaching.... great job and learned something today
Amazing teacher.
Easy tip: copy all the possible directory traversal payloads, go to your Intruder, paste them there, then attack, observe the response codes and wait for whichever gives you 200k. Saves you so much stress btw.
WOW Really Amazing 😋😋😋
“Many thanks”
Oh yeah!
7:32 I think you forgot to remove the 'f' before 'etc'
true
I am trying to purchase the 'Practical Ethical Hacking' course on the TCM Security website, but I keep getting directed to the order page where I have to pay for a monthly subscription. I don't want monthly subscriptions, I just want to pay for one course only. I need your assistance.
I think they changed from single course system to monthly subscription. They've already talked about it.
Why do all people use FoxyProxy instead of using the integrated browser in Burp Suite? I don't get the difference....
I don't really know how the Burp browser works, but maybe saved bookmarks and extensions?
FoxyProxy is an NSA honeypot so it helps our nation state improve their web attacks
Idk, but what is first obvious to me is probably because it's quick to switch between different ports and IPs, as you can add different profiles. Even if you plan to just use Burp Suite or just one port, e.g. 8080, having the extension pre-set up means you can just enable it by clicking the extension instead of always going to settings, searching, and finding the network settings, and then manually typing the port and host every time. Useful for people that do this often.
Sometimes the community version has issues
@L337H4X yes
3:24 Can someone say what that Windows readable file was?
boot.ini file.
@hasenel3731 thanks mate.
Amazing Sr!! Could you show us how to test on IIS services? Or some examples where to read about?
Regards from Argentina 🫡🙌