Exceptional content, learned a lot, thank you so much. You are amazing bro 👏 Two things I am confused with the POST request at 17:36 1. Why & How did the Token worked? Normally it should get expired once it gets used, right? Also, if this is the case, then how can I dynamically get the token from the webpage & use it to submit the account creation request. 2. You spelled submit incorrectly, still the form got submitted. Why & How?
PinkDraconian is no longer with us but I 100% agree, he's an amazing hacker and created some awesome video content for us 🥰 I didn't solve this machine but for (1) I would hazard a guess (without watching the full video) that the CSRF token either a) doesn't change (intentionally vulnerable) or b) the token resets on each refresh, but the page isn't refreshed before we use the captured token. (2) is probably that a POST request to /accounts container a username and password is all that's required for authentication. The "sumbit" parameter is set to "pinkdraconian" as well, which wouldn't really make sense.
good job man im starting love u hhh . but i need to repeat the video many times to understand well because as i said before English is not my native lang😭 but thank u so much 😍
I got a 200 response when send the payload, but i didn't received nothing in the server side. Can u help me with this ? I've tried it a lot of ways, with Python server, ngrok, webhookers, netcat, using other ports,etc.. But i never receive the resquest in the server side.
You are so good dude, it is so easy to understand even for someone new in this industry like me
Thank you! That's always nice to hear! Good luck in this incredible industry!
Awesome work man.
I'm Brazilian and even so it was super easy to understand your explanation. Thank you very much man.
Glad to hear that!
Wow man! So simple to understand yet so informative. Awesome work man. Keep it up.
Glad you liked it! Way more videos to come! 😀
Very nice! Very easy to understand. Thanks!
Glad it was helpful!
Awesome, mindblowing, thank you ! keep it up !
Thank you! Will do!
Exceptional content, learned a lot, thank you so much. You are amazing bro 👏
Two things I am confused with the POST request at 17:36
1. Why & How did the Token worked? Normally it should get expired once it gets used, right?
Also, if this is the case, then how can I dynamically get the token from the webpage & use it to submit the account creation request.
2. You spelled submit incorrectly, still the form got submitted. Why & How?
PinkDraconian is no longer with us but I 100% agree, he's an amazing hacker and created some awesome video content for us 🥰
I didn't solve this machine but for (1) I would hazard a guess (without watching the full video) that the CSRF token either a) doesn't change (intentionally vulnerable) or b) the token resets on each refresh, but the page isn't refreshed before we use the captured token.
(2) is probably that a POST request to /accounts container a username and password is all that's required for authentication. The "sumbit" parameter is set to "pinkdraconian" as well, which wouldn't really make sense.
Its good that draconian is getting a platform!
We are glad to have pink draconian on the team 😇
Great explaining I hope you do a lot like this video, Thanks
Thank you, I will
man that was really insane
😏
Super well explained.
Glad it was helpful! 🔥
I've just subscribed looking for more fire content like this in the future
Thanks for the sub! There is pleeeeenty more to come 😀
good job man im starting love u hhh . but i need to repeat the video many times to understand well because as i said before English is not my native lang😭 but thank u so much 😍
Hey, no problem! That's how you learn.. even when videos are in my native language, I often have to repeat many times to understand 😂
@@intigriti thanks i got ur point hhh 😂
Awesome work man.
Thanks a ton!
amazing and simply one
🙏🥰
Awesome work
Thanks a lot 😊
wow, great video :)
Thank you! 🙏🥰
Awesome
Thank you! 💜
Amazing Video !!!
Thanks! 💜
I got a 200 response when send the payload, but i didn't received nothing in the server side. Can u help me with this ? I've tried it a lot of ways, with Python server, ngrok, webhookers, netcat, using other ports,etc.. But i never receive the resquest in the server side.
Is everything else set up correctly? Could you maybe make a video or blog to show?
Not sure why but the second payload is not returning anything except a 200 response.. the first one worked just fine
Weird, did you end up figuring it out?
@@intigriti I did indeed! It was a mistake on my end. Thank you for the reply
Awesome, very informative
Thank you very much! We are happy if you like it 😎
Awesome! 😉
Thanks! 😄
I love the content.
🙏🥰
thanks
You're welcome!
Reflected xss to RCE ?
That won't be possible, afaik9
16:00 CSRF token are not stored as cookies!
Thanks for pointing out this mistake! My bad!
SECURITY
HACKING