I have a question, we had LFI and if we upload the shell we could check for upload file name using it, why spend time to create php code to figure out the name?
The .microseconds field of the datetime.timedelta object doesn't give you the time in microseconds. It gives you the microseconds part of the time. That is, if the first request took 1 second and 150 microseconds, while the second only took 150 microseconds, they would both have r.elapsed.microseconds == 150. You got lucky with your code :)
I have noticed you always scan the top 1000 ports only. What if there is a service that is not in the top 1000 list? Isn't it better to scan all ports -p-? Yes, it will take longer but there is no chance of missing a port.
He does that too in the background usually. He doesn't do that when he already finds a good enough attack surface to work with using the default nmap scan range
It's funny that you say "it supports recursion, that's good" because years ago I think you were saying dirbuster's recursion takes way too long and you didn't like it
You are the best trainer🙏 🇮🇳
Great box and great video as always! love how you approach and explain everything!
Just wondering if you could have written some PHP code to the access log, and have that file included to get RCE.
A request. Can you make a video on how to create our own machines and also if possible how to submit them on htb.
Great writeup as always! ❤️
include('shell.jpg') in php. What about .asp/.aspx?
how did you not even check if that password is valid for admin login 😅
no joke, this is really realistic. I found a 0day for a dating CMS with exactly this fault 😂
❤️
Why revshell and curl didn't work at first in image/upload url??
Firewall rules preventing it
ippsec always good timing
i wonder how , wonder why??
What's going on RUclips, this is John Hammond.
Please increase sound