HackTheBox "Business CTF" - Time - Command Injection
HTML-код
- Опубликовано: 28 авг 2024
- If you would like to support the channel and I, check out Kite! Kite is a coding assistant that helps you code faster, on any IDE offer smart completions and documentation. www.kite.com/g... (disclaimer, affiliate link)
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/john...
E-mail: johnhammond010@gmail.com
Discord: johnhammond.or...
Twitter: / _johnhammond
GitHub: github.com/Joh...
Really enjoyed the time you took to explain this one. it's pretty straight forward, but this format would be great for beginners. love your work
this makes me want to try some of these myself
Yeah same, the problem is that Ive never done anything like that lol
Just wanted to say I'm new in the I.T. industry, read A+ and studying for my Network + cert while pursuing cyber security and watching these videos and having you explain things is really helpful for me despite how basic some of these are. Just wanted to say I appreciate the content this way.
Followed you up since start of the year and quality has evolved in the meantime. Keep It up📼
This little breadcrumbs are so essential, thanks for sharing 👌👍
I like the tune after the video ending
I love your work John! ❤️
Love your content John....learn more and more.....greeting from indonesia
absolutely love your videos John
Love the CTF videos! Keep that up man!
yay john is going back to his roots
I learned a lot from this ctf.
The reason it didn't work in the browser/curl was because you were using && instead of ;
&& runs the second command only if the first command ran successfully
; runs the second command regardless of the first command
And since the first command is `date ''` which returns an error, the second command never ran!
?format='; whoami # still fails in the browser.
The command would run `date +''`, which doesn't error, and returns an error code of 0 indicating it succeeded. It just has an empty string for a format string :)
@@_JohnHammond I believe the reason it does not work in browser is because # is never sent to the server as it is the "fragment identifier". However, URL encoding it to %23 might have worked IMO :)
Thank you for great video as always!
Awesome content, getting to learn some new stuff :)
Can you please tell us why it didn't work with curl or browser? And why it's working only python?
brilliant
love your videos man
Really helpful thank you
What happened to the dark web series?
Great video's mate.
Yayyyyy ctfs!!!!!!
Love ur vids
That was good
u are awsome
I am first command. Holy YES!
Me first to reply you and second to comment 😏
Me second to replay and third comment
@@nizarel-marzouki9076 me third to reply and 4th to comment :)
5th. baby!!!
You may be first to command but not to comment
Htb ca 2024 had same challenge again this year lol
hey how did u crack the password? that time it was unprotected but now password is required. actually I am new here
to the 8 people who disliked, Why?
Sir ... if possible ... please release a video on Pegasus spyware ...
shebang
Update your chrome
Nice try!
2nd comment because replies to comments don’t count.
3rd Comment Muahahaaaa
7th