XML Object Exfiltration - HackTheBox Cyber Apocalypse CTF "E. Tree"
HTML-код
- Опубликовано: 19 окт 2024
- Moving your first steps into hacking? Start from HTB Academy: bit.ly/3vuWp08
Hungry for more hacking training? Join Hack The Box now: bit.ly/331nQCl
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/john...
E-mail: johnhammond010@gmail.com
Discord: johnhammond.or...
Twitter: / _johnhammond
GitHub: github.com/Joh...
I love the fact that you’re doing CTF stuff, every influencer is doing mostly box pwning and ctfs develop those quick thought skills required. Nice to see a pro do it 👊🏻
Not gonna lie, I was lost on the whole video but I loved it! Insane stuff John!
Loving these videos as always John! I'm now beginning to actually understand what it is you're writing so its a lot easier to follow along. Keep up the grind, love to see it!
Call me crazy but the way he’s going through this isn’t a normal happening out in the wild. It’s too obvious and too rehearsed, he never went into anything technical, it was more of a Öh of course”kind of thing. WITH everything nice and tidy and human readable, one natural logical discovery flowing into the next, it’s like watching someone go through a page of pseudocode. Idk 🤷 I just have not seen any actual exploits work so fluidly and without any obfuscation put into the so called errors he was getting.
That was fun, I felt the same feeling watching you as I do when I'm not sure if this is the right track or not! Good job!
Really great solution John, probably I will never figure out that challenge.
Leaking the last part of flag was hard. New thing !
I've been really enjoying these videos! I'm a game programmer by trade and this is far enough outside my wheelhouse
that I'm learning a ton, but close enough that everything is super easy to follow. A lot of stuff has quickly gotten demystified for me over the past few weeks :p Keep it up!
A real one? Actually that’s mean to say these days, so instead one that designs his own game engines and that does the physics and complex logic, like linear algebra and combinatorics maths (M ̈obius functions for breakfast) OR a GUI drag-n-drop Unreal Engine guy?
@@cedricvillani8502 Says the guy with an "introduction to Unity's new visual scripting tool" vid in his playlist?
For reak though, whatever it is that's making you feel so negative, I hope it passes soon
algorithm, love learning by watching you learn
Like algorithms you do? Ok.. Let P = Bn, the Boolean algebra of subsets of {1,2,...,n} ordered by inclusion. Let 2 be the poset with two elements (it has two elements ˆ0 ≤ ˆ1) ✅ WiTh M3 S0 FAR?? OK Cool 😎 SO….. because we can view Bn as a zero-one vector. Let us compute μ for Bn. μ for 2 is given by μ(0,0) = μ(1,1) = 1 and μ(0,1) = −1. With the lemma, we find that μ(T,S) = (−1)|T−S| i.e. μ(T,S) = (−1)# times T and S differ. I think the only thing Mr. Hammond is learning is how to make a RUclips Video about Hacking, without actually showing any real useable code so it doesn’t get the BAN hammer 🔨 and costing him a ton of money 💰. It is fun fiction though
I think the second part would have been easier if you had changed the search to ends-with starting with a closing curly braces and reversing the string afterwards :) nevertheless great video! :)
Yea good idea exploiting known knowledge of the flag. His method would also not work if the first char of the second part of the flag started with a 'C'. My initial idea was to leak name, so you ignore the staff with the first part of the flag completely on your second blind sql injection. My method would have took longer, but in theory it would work irregardless what the second part of flag contained.
Thanks for great video ... really enjoying python part of solving problems
I think one other thing you could have done is provide an XPath that selected the n-th occurrence of selfDestructCode.
watching a sequential string search is fun, but painful - kinda like mxsturbating with a cheese grater. it's easier finding the string length first, then doing a binary search. still, great job getting there. i rather enjoy your content. :3
This was fun to watch, thanks JH
11:14 confusion
it creates entropy
thank you
13:51 [✓] moving "toward" a limit, [✓] moving "towards" a limit
John ! Thanks again ! Just took a little time to get how you reached the second occurence. It clicked just after asking on your Discord :-)
Appreciate these videos Sir! Thanks!!
This felt a bit like everything looking like a nail once you have a hammer.
owe knew the key ended with } so maybe "ends-with" would have been easier for the second part?
It’s a logical flow, so anyone, even people who don’t program can follow along and even guess at the answer before he types it. Very mentally rewarding, I mean even the error’s were giving pseudocode answers.
dude that was awesome
That was fun, thx
Amazing John!!
I feel like John is gonna be so hyped about Python 3.10's new match-case statement
@panda doesn't need END
@panda It's basically switch-case on steroids
Good content!
Almighty ALGO!!!
I am not sure what the { did in the string concatenation, but both expressions should work without it as only the fist flag part starts with it.
Nice video bro 👍👍
John, what song is the Outro , it sounds like a very cool instrumental? :D
Great
Could be a really stupid question, but what is actually the limiting factor in the speed of trying different characters? Is it Network speed to the box or could it be made faster if you used multi threading to try multiple possible combinations at once?
@johnhammond, don't know if this will help in the future but there is xcat for kali that can be used. I know you use parrot and Ubuntu and stuff, but xcat is a tool for XPath injection and can be used with blind XPath. I learned about it in eWPT
He knows, it was even in the document he showed in the beginning, but would not have made a very entertaining story. Not to mention it would be to close to something someone could do in the real world and possibly cost him his RUclips channel, and that is a big $$$ deal. I wouldn’t see why he would risk it, he probably wrote this CTF in the first place. John has taken on and beaten ppl in the real world, like at Def-Con.
Do you usually find on a job you are guessing how the sql or xpath that the developer wrote is structured or do cheat sheets and scripts usually get you all the way there?
HAHA right , I wish when I got errors they gave me the fix and clue to the next step in Pseudocode
Nice
Nice stuff ❤️
The outro is just build different
Can you do a video of you explaining your videos. The methods you're using and your mindset when you're faced with the challenge.
You are kidding right ?
@@ko-Daegu no, you must not get the question.
You mean explains how to not only code the problem (ex. CTF) but also do a human readable “hack”that won’t actually work in the real world? Because yes I’m also curious, and I wonder if he employs a few other programmers to make sure he doesn’t step to far outa line and cost him a lot of money
Are you doing all of this on a VM, wsl2 or Linux os?
Can someone help me understand how exactly the second part worked for the second part of the flag!?!
im confused how that 2nd injection even worked lol i kept saying the answer was //selfDestructCode[1].StartsWith
or whatever
Hay, how can someone contact you for a CTF teaching
I hope HTB discord would be better than THM in terms of helping people who dont know how to solve something and also the mods😅
Hello, Computer? - John Hammond 2021
Or Star Trek IV when Scotty grabbed the computer mouse and tried to talk to it saying, "Hello Computer ." 🤣🤣
Great content, as always! I seem to learn something new that I should've already known, every time.
What is problem with python 2 ?
5INALLY !!!
Some john hammond things
sorry that i haven't watched the stream because of the dummy isp
Edit : me see john do some blind things and it works 😐🤨😬🤯🤯🤯😵
Can you make Hardware hacking?
what Linux distro is Mr. John using ??
Ubuntu i think
@@nothingnothing1799 +
@@nothingnothing1799 What DE tho?
please start with basic to advanced daily 1 ctf basic to advanced 🙏
Hello
hello yt algorithm
more x path injection
22:20 I'm no hacker lol but I'm pretty sure you could've reversed the original script to check using XPath ends-with instead of using starts-with.
Burp suite 4woinders one 🕐 nod pasbul
I have watched a lot of you videos and enjoy them. I guess I finally have to ask. Why is your face on the screen? It doesn't benefit the viewer at all. In fact all it does is get in the way. Is it an ego thing?
It’s a BRAND thing.