Размер видео: 1280 X 720853 X 480640 X 360
Показать панель управления
Автовоспроизведение
Автоповтор
Thanks for another briliant tutorial .Great job
👊
THanks so much for this video Intigriti!!!! You guys are awesomee
Our pleasure!
4:14 when you say is any host in the internal network vuln to shellshock, internal network meaning origin server or would you also have to bypass a CDN like CloudFlare or AWS in order to exploit?
Once you've found and exploited the SSRF, it's the web server scanning the internal network which is unlikely to be protected.
That's an interesting explanation!!! Thanks
Glad you liked it!
Awesome as usual ma man 🤩 but why did u put this { foo;} ? and what is his role in this process 🙃
Thank you! The "foo" bit isn't needed, shellshock payloads often just use "() {:;}" to declare the bash function.
@@intigriti i see thanks again ❤
Thanks for sharing. Nice video :)
Thank you!
i used other commands like id, /etc/passwd .. they are not working.why only whoami command working?
There could be a number of measures in place preventing you from running other commands.
On every target ,do we have to try same IP? or where can we get IP?
This is something you'd have to guess. Read up on private IP ranges and then you'll see which to scan!
Nice.
Thanks.
😍😍😍
😘
This vulnerability is common is websites?
SSRFs have become quite common!
Thnx!
Welcome!
Thanks
Welcome
First!
🏎
This is it time to shut them down. lol JK
👀 😋
Thanks for another briliant tutorial .Great job
👊
THanks so much for this video Intigriti!!!! You guys are awesomee
Our pleasure!
4:14 when you say is any host in the internal network vuln to shellshock, internal network meaning origin server or would you also have to bypass a CDN like CloudFlare or AWS in order to exploit?
Once you've found and exploited the SSRF, it's the web server scanning the internal network which is unlikely to be protected.
That's an interesting explanation!!! Thanks
Glad you liked it!
Awesome as usual ma man 🤩 but why did u put this { foo;} ? and what is his role in this process 🙃
Thank you! The "foo" bit isn't needed, shellshock payloads often just use "() {:;}" to declare the bash function.
@@intigriti i see thanks again ❤
Thanks for sharing. Nice video :)
Thank you!
i used other commands like id, /etc/passwd .. they are not working.why only whoami command working?
There could be a number of measures in place preventing you from running other commands.
On every target ,do we have to try same IP? or where can we get IP?
This is something you'd have to guess. Read up on private IP ranges and then you'll see which to scan!
Nice.
Thanks.
😍😍😍
😘
This vulnerability is common is websites?
SSRFs have become quite common!
Thnx!
Welcome!
Thanks
Welcome
First!
🏎
This is it time to shut them down. lol JK
👀 😋