Это видео недоступно.
Сожалеем об этом.
LFI aka Directory traversal mass hunting | Bug bounty poc
HTML-код
- Опубликовано: 29 мар 2024
- in this video i am going to show you all how to hunt for local file inclusion lfi and directory traversal vulnerability in bug bounty program so you can secure there website and earn bounty if anyone from youtube review team watching this please dont restrict this video because this help new people who are doing bug hunting this is only for education purpose..
Disclaimer:
Disclaimer: This video is for strictly educational and informational purpose only. I own all equipment used for this demonstration. Hacking without permission is illegal so always ensure you have proper authorization before using security tools in any network environment. thanks.
![Mary J. Blige - Breathing (feat. Fabolous) [Official Video]](http://i.ytimg.com/vi/snMHObq-6E0/mqdefault.jpg)
Literally no one makes content like you just the content are real and raw. Keep posting like these videos.
❤️😇
Never Stop Guys every viewrs watching this video one day u will write ur own POC from ur bug bounty Report Ameen 🎉🎉🎉
What does poc mean pls(no hate)
profe of concept how you find the vulnerability and how you exploited it ..step by step
@@lostsecc thank you brother keep up king ❤️
I love your tool setup you should post a ISO of your windows image with the wsl libraries.
Bro in level teaching u are surpassing jason haddix without even voice respect bro
all are good brother ☺️😇btw nicee to hear this ❤️
I have learned an insane amount of things from watching you hack. Thankyou so much!
my pleasure to hear this brother ❤️😇
Great video man, keep up the good work, best teacher!
thnq brother 😇❤️
You make quality content bro❤
I hope yt do not delete your videos
they granted this video bruhh ❤️😇
Dude, great stuff as always!! Maybe one day ill be as good as you!
you are alrady brother keep going ❤️
We support you bhai thanks for supporting us❤❤❤
my pleasure brother ❤️😇
I really need this ❤ thankuh so much lostsec ❤😘😘
my pleasure ❤️😇
Iam enjoy and download all your videos in my phone 🔥🔥🔥🔥
☺️❤️
Good job man ❤ i want another video like this With RCE vurnability pls ❤
yes surw ❤️
you'll never disappoint us
i will never ❤️
nice bro you are killing it boss we are literally seeking too much knowledge brother even mee toooo boss !!!!1
my pleasure brother ❤️
Your an amazing person
pleasure to hear this ,❤️☺️
Good job keep going 🎉🎉🎉
❤️😇
Tabahee Phirdee....Khatam. Tata. Bye. Bye. Bhai Zabardast 🫡🫣😵😲😳 Awes0m3 👌💐🔥💯🤝🌹✨️💡✌️👍❤️🌙💥💸💸💰💲💸💸💸
😂❤️
Awesome bro ❤
thnq bro ❤️
U the Hero bro🎉🎉🎉❤
😇❤️
Keep em coming Brother
❤️😇
My brother in Christ, God bless ya for this content.
love u brother ❤️😇
brother love to your content❤...Thank you so much for this.
my pleasure brother ❤️😇
Hey! Tanks for sharing such valuable recon info in your vidéo. Really appreciate it! By the way, after using paramspider for recon, what tool do you recommend for fuzzing ? Thanks again for the awsome content! Cheers
use gf tool to filter out the parameter like xss lfi sqli and then send it to nuclei or your other tool that made for that purpose only like for xss use dalfox and for lfi use dotdotpwn amd for openredirect use openredirex
love this. thank you.
❤️
You are the best👑
❤️
Great content 🎉
nice one bro👍
thnq bro ❤️
Yes most big guys use labs and it becomes theory or ctfish
❤️if i have permison from bounty prpgram i will upload that also 😇
Your video where u doing recon brother u only told about js file recon not complete recon method ?? Only js file secret finder tool and gau is enough for bug hunting well I think no can u show complete video on that
i think you did not watch full video again watch that
Bro best content ❤️🔥
thnq brother ❤️
again i am saying this dude is a menace... i'll repeat this dude is a menace
why ?
thnq brother for your love ☺️😇❤️
Great 👏😊content bro
thnq bro 😇❤️
I would love to learn from you more would you help me in finding bugs.
sure just active on telegram channel i will help you ❤️
great find.
was watching, randomly got blocked then here again lmao
yeahh video back after review by youtube team 😇
Great video man, for that I need any nuclie template in my template list...?
use some custom made
@@lostsecc any reference..?
can you exp;ain how can you using wsl , because i had try it and i couldn't install anything (mirrors was okay)
watch video on techchip yt
Perfect👍
This is very good 🎉❤
thnq brother ❤️
beautifal
How to find targets / programs like this ???
Cz Most of have WAF detection if payload execute WAF can detect so how you find these programs?? Please make video
there are many bypass for waf you just need right payload.
خوب بود👏
Love you bro❤🎉❤
love you three bro ❤️😇
first comment 🎉😂
Weeee
great job.. teach me pls bro
join telegram @lostsec
Please name the theme about your terminal its so beautiful
its ohmyposh theme
how do you have that custom theam in terminal
its kali wsl2 with ohmyposh theme
What tag you use for xss because it do not work for me
there are many tagss try it..
For nuclei xss
nice content ❤
thnq brother ❤️
plzz make video how to setup wsl ubuntu machine with all tools installed
sure
Brother, i have one doubt. How to select domains, are you fetching hackerone or integrity platform, or take down private domains like using dorks wordlist. You are using Google hacking methodology. Can you clarify the information?
for public domains use dork and for bounty program there are many subdomain finder and if you want easy just download that subdomains from project discovery
Can you explain that command please? What does uro, gf lfi, do? @Lostsec
uro for filter out duplicates urls,gf used for pattren filter like gf xss it will give you param that are possible for xss like q= search= etc
@@lostsecc Thankyou!
سؤال من فضلك
Heroku API KEY
هل هو ثغرة وهل استطيع ان ابلغ عنه ؟؟ هل استطيع ان ارفع تقرير بدون رابط ادا وجدت Heroku API KEY
you need to check its valid or not by keyhacks sh script
@@lostsecc thnks
Bro where do you get that shell? Is that some kind of bash ?? How ? I got just basic power shell ..
its kali wsl2 with ohmyposh custom theme
@@lostsecc thanks bro
Can you explain to me how to change my terminal like yours?
I've searched a lot
i will.make video on this..
@@lostsecc Thank you, brother, you are a wonderful person ❤😭
☺️❤️
@@lostsecc I wait for you, brother🫣
Buddy you should make your own website where you can post your videos without worrying about RUclips guidelines ( as RUclips removed videos
i will not stop !
@@lostsecc good spirit
hey bro how did you find the target?
dork
How to find all tools you use in video
join my telegram there i share t.me/lostsec
Amazing video ❤ I am your big fan sir ❤
☺️❤️
ومنك نتعلم
online
@@lostsecc سؤال من فضلك
Heroku API KEY
هل هو ثغرة وهل استطيع ان ابلغ عنه ؟؟ هل استطيع ان ارفع تقرير بدون رابط ادا وجدت Heroku API KEY
Hello bro, on which platform do you run Bug bounty?
intigriti bugcrowd
@@lostsecc Thanks bro ! 😊
Did someone pay you out 5000$ from the sites in the video?
i said its worth 5000$
🎉
I love yoy bro❤
i love you three ❤️🫂
Day 10 still waiting for your nuclei custom templates file
it takes times bcz nowdays unsigned tenplates not work so i am working on this ...
Okk any suggest on other GitHub templates of nuclei?
Why dont you explain whats going on even if it was in text
i will explain in telegram if i explain in video it take long time so..
how many years have you spent for doing this type of things
in bug hunting 1 year before i done ceh chfi redhat ccnp so i have interest from start in hacking field then i found bug hunting field intersting ..
@lostsecc re u gonna do some tutorial videos ? how can i be good at bug hunting and websites pentest
focuson on oswp top 10 bugs ans master it
How much this vulnerability worth
google it LFI bounty rewards.
but these sites doesn't have bug bounty program you did it for view or experience I'm not saying you're not good you're good but they looks easy sites
bug bounty program has strict policy to not disclose any crtical vulnerability so thats why i did not upload that..when upcomming video on them..and i make this so you can learn the methology and appy on bug hunting..
Brother I sent you on the tele why don't you answer
sorry i sleep early yesterday bro ❤️
If I do the same which u do ...can I get LFI?
sure try it.
❤
where commands ? start making write ups bro
i will share in telegram
bro what is gau | uro ?
uro is used for filter duplicate urls and gau is used for fetching all urls from waybackmachine,commoncrawl,alienvalut etc
@@lostsecc thx
Can you share plz your automation command in your telegram chanel?
soon..
why ur using windows and not linux?
its kali linux wsl2 virtual box takes so much ram and storage and lags so its light weight and easy to use..
@@lostsecc Oh nice, i might check that out - didnt know about WSL! Is it safe to use? like same as sandboxed as a VM?
its safe dont worry its window feature
Bro any bounty what do you think will you get ??
its public program brother do this on bounty programs bcz of thery policy i did not show there site but you got idea !
@@lostsecc you are using your custom templates ?\
Nice bro
Name style wsl ,?
wsl2 with ohmyposh custom theme
instead of lfi can we do xss fuzzing bhaiya
sure just use gf tool and extract xss endpoints and then run dalfox xsstrike on it
@@lostsecc can you help me making terminal like you please want it please skulls and same like you
@@lostsecc please brother i do wanna that background and colours in commands
birooo please
@@lostsecc skulls background you have used in previous vedios
Uzbekistan🇺🇿
nicee man ☺️❤️
Template - default or custom
custom
I appreciate your hard work brother ❤️❤️❤️ can you tell me how to download crack caido tool ..
i did'nt tried crack one bro but i will check for you ❤️
@@lostsecc yes please brother try I can't afford ❤️❤️ that's why
make a discord
sure
@@lostsecc send invite rn though
@@lostsecc add rexy00000
Dude, what's in your httpx-tool that runs together with the subfinder? Thank you very much for sharing your technique with us, keep up the good work!
its in kali repo brother if u have kali just do sudo apt install httpx-toolkit
Thank you for this wonderful video brother. 🫂🫂🫂
thnq brother ❤️☺️
Amazing Content , Thanks a Lot ,,, ! the Nuclei -tags flag dosn't require custom templates but it gives me > [FTL] no templates provided for scan / i tried nuclei -list params.txt -tags lfi -templates ~/nuclei-templates > same error So using ~$ meg paths hosts > will be the alternative or dotdotpwn . Thanks again Waiting for Your Next Video Boss ~$ echo "../../../etc/5000$Bounty" && Best of Luck EveryOne .👽
thnq bro if you face any error just dm me in telegram ❤️
Sir, i do as like below:
$ cat testphp.vulnweb.urls_txt | uro | gf lfi | tee lfi_testphp.txt
$ nuclei -list lfi_testphp.txt -tags lfi
or $ nuclei -l lfi_testphp.txt -tags lfi
but i cant make PoC ... nothing found 😞
Can you tell me where is my mistakes???
remove $