This FFUF secret trick everybody need to know | Bug hunting poc
HTML-код
- Опубликовано: 28 июн 2024
- // Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing & bug hunting so that we can protect ourselves against the real hackers.. 
Наука
I love when i open youtube and see a new upload from Lostsec in my notifications!
☺️🙈❤️🫂
Hey Coffin, nice Fuff stuffs! Sending mental fist bumps
Bro gta 5 fan 😂
🤭❤️
Also pubg
@@sgowtham28 me too 🌟🌟💥💥
I was waiting for this video..
Thanks bro..❤❤
❤️🤗
Congratulations for 10k buddy 💗🎉
thnq brother ❤️🤗
Great content 🎉, can you please do video for methodology when u find login pages how u work with that... Thank you 🙏
sure
First!!
🙈❤️
Can you please add caption according to video in your next videos.. this may help a lots of begginers
Hell Nah!!! . Bro got a official song too 💀💀
🤭🤭
You de Man Mate🔥🔥🔥🔥🔥🥰🥰 U deserve Million Likes Bro💯💯💯💯
🙈❤️😇
@@lostsecc Wana Say Love U man💯 Your Xss Payload Worked for me mate. Waiting the outcome of my first H1 report. Your magic Works Bro♥️♥️♥️
عنجد بحب طؤيقتك بالشغل
you are great bro 😎
thnx man ❤️☺️
Bro, for bug bounty i need to learn the entire javascript , which are the parts i have to learning if anything I'm missing or extra please add it.
Thanks a lot for sharing u're knowledge to the community god bless you❤
just focus on owsp top 10bugs
@@lostsecc thanks bro
we need more from you...❤❤
sure ❤️
I am following you. Good luck, my friend❤
🤗❤️
@@lostsecc What's the payloads/lfi.txt
Hey brother can you please share a xss pdf ?
i shared in my telegram channel bro
Osmmm || ur content nd background music 😁🥳❣️
thnq ji 🤗❤️
@@lostsecc indian bolte
you could use burp intruder for this attack? Just wondering. Congrats on 10k!
yes u can but ffuf is so fastt and some more cool features
What if the passwords shown are salted? How can you be sure they are real password? can we decrypt them or try logging in with them?
Great work bro. Learning so much from you!
use johntheripper tool with rockyou list
Yo man why you still rockin' Burp 1.7.13? Got a special reason or you just old school like that?... xD
its light weight and dont freez like latest burpsuite memory full problems ...
love watching the vids, this one was awesome 👍
thanks mate ❤️
We are Kings Brother. I am King you are King. Bhai Bhai
❤️
بژی شیرە کور
same url but when i give -mr for matching regex it wont give me anything!! where when I remove -c -mr "root:", it brings me result and then I have to filter it with size:1226.
why not working with -mr???????
make sure you have installed all tools used in this oneliner
@@lostsecc i have all the tools gf , waybackurls.. this ffuf cmd don't show anything with -c -mr without it its working
@@lostsecc why this -mr is not working i have followed same process and checked it 4 5 times still -mr not working
send me screenshot in telegram
Please check dm
Hey man, great content!! :) quick question, is ffuf better than intruder to test for lfi, etc?
yes it has very high speed threads mode+regex
@@lostsecc got it, will give a chance here! Thanks
Hey, Mate. How did you install URLdedupe on Windows 11???
just paste binary in /usr/local/bin
how do you set a background image and logo on your terminal please coffin?
its option in window terminal download it from microsoft store
@@lostsecc Okay i did that , but when i duplicate the tab , the background dissapears :( and show another terminal not the usual one
alert("1")
see the above comment is not filtered in the source why doesn't it run?
bcz of csp and all other protection and server side encoding..
Very helpful❤
❤️🤗
Congrats on 10k subs.
thnq bro ❤️🤗
on my linux gf command not found, how do I do it? 🤥
you need to install gf pattren
I know this is off topic: but to everyone running wsl2 in windows: I was able to install run Ubuntu 24.04 wsl2 on W11 bare metal host (the only way it works) but Kali wsl2 didn’t want to install: but: Any of you tried Running latest Ubuntu as your host and a kali VM inside virtualbox? That is where I have had the best luck. Was just wondering anyone else’s experience.
I don't understand ;-;
gf: command not found
urldedupe: command not found
waybackurls: command not found
you need to install all these commands
But what was in the response? I didn't understand.
etc passwd
Awesome brother ❤❤❤
Where can I get this awesome lfi payloads.
You have set your wallpaper kali .
i shared in telegram bro
What tool do you use for this ? And what is the purpose of using FUFF in the parameter ? And does it work only in php based endpoints? By doing this WAF don't block us ?
its work in all post and get param
I'm waiting on demonstration of web defacement
Bro how you check fod xss in multiple fields in one go can you tell please
use intruder there is many options like pitchfork etc
@lostsecc can i use it at same on different location
Fantastic as always 😍
thnx mate ❤️
bro finilly I found your play list in telegram Channel 😂🤝
🙈❤️
Bro can you make video in website info gathering and enumeration how professional get deeper information about website like subdomain endpoint directories present vulnerabilitys
ok
@@lostsecc thanks bro ❤️
We can't use this trick for other attacks like the xss by changing the payload list Am I right?
you can try ssti by regex 49
@@lostsecc ok I am new please please could you elaborate it!
Can you please share the wordlist which u used first ?
i shared in my github
@@lostsecc bro your GitHub is not showing up in the index search. It shows 404 error
Song name?
dark beach
Hi, amazing work bro! Where did you get wordlist? Can you share the link to this wordlist and other wordlists if you can
i shared in telegram bro
But i really saw you after a lot of time
why u use old version of burp?
latest burp consume lots if ram and hangs..old one is ligh weight and give good results..
I like the image you have for the background of your terminal.Please share the link😅
dm me in telegram
@@lostsecc okay
How do you bypass waf when dirbusting with ffuf or wfuzz ?
change the ffuf default user-agent
brother why u using old burp suite
its light weight in latsst burp its consume lots of ram and hangs alot also it has spider feature that will help u more
Hello Brother I got this error whenever i tried to install GF tool i tried every method still i can't get solution
fatal: not a git repository (or any of the parent directories): .git
dm me in telegram give anydesk id
@@lostsecc Yes i did kindly check your DM
Keep it up bro
🤗❤️
bro i’m dumb ngl so i might be asking sum stupid but is it possible to change the screen res of an iphone 13 on ios 18 ??
bro i never tried it so no idea
@@lostsecc i thought maybe if restoring a modified backup on your pc you might be able to change the screen res inside it but maybe apple has security measures to not let that happen? if you have time i’ll genuinely give you a 20$ visa gift card to help me find a way to do it on ios 18 beta 2, i’ll pay you first too as long as you show me that it works bro
can i somehow configure ffuf so it doesnt show stuff like ././././../../etc/passwd instead of just ../../etc/passwd? I mean it's the same after all
just add normal lfi payload list
Do you have your github?
I need XSS payloads
github.com/coffinxp/payloads
@@lostsecc How did you make so many LFI payloads 💀💀💀
Bro, you are a genius 😂
❤️🙈
How u find theese targets.
google
the type of vuln is path traversal ??
yes lfi also
Also: I actually thought you were Russian. I’m thinking from India though cause everyone from India seems to be running wsl2 in W.
wsl2 is lit..no faced any problem till now
hi bro could share the yours payloads ... that will be help full to us
sure
amazing, Brother
thnq brother ❤️😇
very nice video
hey bro you still remeber me? and nice you upgraded to windows 11 and bro i want to ask whats ur age and u from where?
privacy is power 🌝
@@lostsecc 🙂
How to you install gta 5 without virus free bro?
i download from epicgames offical site
Wich version of burp do you use and why dont use last version ?
latest burp consume lots of memory and hangs so i used old one its give better results and spider feature
@@lostsecc can u give me number of version pls ?
i shared in my github check out
@@lostsecc thx bro ❤️❤️
what about in modern webs like MEAN, MERN ?
you can try must change default user agent before ffuf command
Broo❤❤
🤗❤️
Bro what happened when we got this etc/passwd file and what's name of this vulnerability
LFI directory traversal
can u share the list of the payloads pls?
i shared in telegram and github
@@lostsecc ur github account looks like is block :(
i like your channel , but bro be careful , what you're doing is illegal because you're live hacking real targets and uploading it to RUclips , also the vulnerabilities that you are demonstrating are not patched yet , i tested it and it worked , Keep going my G and Be aware 😉
dont worry bro people want to watch real targets testing not labs
you're absolutely right bro.. keep doing it ...I personally love real life
crazy bro ❤💯🖐
How do you maks this colorized shell??? 💀💀💀
install window terminal with kali wsl2
@@lostsecc im asking for this spacific style with this spacific image. Its a default?
you need to change walpaper from its setting
❤❤
bro what's the appliaton u write codes on?
window terminal wsl2 kali
Song title bro? I felt excited when I heard it
dark beach slowed
Which worldlist you used?
i will share in telegram
Whay use ffuf? , bro use jast intruder in burp
intruder dont do much this much fast and not all have burp pro
where can i get the lf1 payload
i shared in telegram
@@lostsecc whats your telegram
@@lostsecc found it and joined your telegram thanks so much
No talk, no write. Just moving cursor. Wow
🤗❤️
verry helpfull bro
🤗❤️
Which terminal are you using
window terminal wsl2 kali
Love you bro!!!
love you three bro ❤️
Hey Great Content Can I Get that lFI payloads file?
i shared in telegram channel must check
I can't find It in your telegram channel
background sound name
dark beach
amazing bro!
Please give us some new nuclei-templates 🙈 (your private templates ) 🌚
sure ❤️
Sir it possible on random urls or only php pages
all post data or get param
@@lostsecc ok sir 😊
Yo bro can you make a video on how to start bug hunting
ok
@@lostsecc yo bro are you indian?
first commends in lfi what file and i will try but error: no such pattern
you need to install gf pattren
@@lostsecc thankyou bro
Bro It was very hard 😂😂
❤️🤗
can you share wordlist brother?
What is the terminal u are using ? How to get it
its window terminal with wsl2 kali you can install it from microsoft store
@@lostsecc thank you 👍 ....
where can i get that payload?
i will share in telegram
Hey bro can you share your payload txt file ??
i shared in telegram
@@lostsecc thanks bro
Smart trick!
🤗
Awesome video bro!
Keen to understand how you got the first command when piped to acknowledge
| gf lfi | urldedupe
I have waybackurls working but i am not sure how to get gf to see the lfi payload
you need to install gf and its pattren i shared in telegram
in description
check telegram bro
Dude 🎉❤
❤️🤗
show all command that you do
Can i have lfi payload?
i shared in telegram channel
t