- 230
- 1 473 900
Intigriti
Belgium
Registered 20. 03. 2017
Global Bug Bounty & VDP Platform trusted by the world's largest organizations.
Indirect Prompt Injection
👩🎓👨🎓 Learn about Large Language Model (LLM) attacks! This lab is vulnerable to indirect prompt injection. The user carlos frequently uses the live chat to ask about the Lightweight "l33t" Leather Jacket product. To solve the lab, we must delete the user carlos.
If you're struggling with the concepts covered in this lab, please review portswigger.net/web-security/llm-attacks 🧠
🔗 Portswigger challenge: portswigger.net/web-security/llm-attacks/lab-indirect-prompt-injection
🧑💻 Sign up and start hacking right now - go.intigriti.com/register
👾 Join our Discord - go.intigriti.com/discord
🎙️ This show is hosted by _CryptoCat ( @_CryptoCat ) & intigriti
👕 Do you want some Intigriti Swag? Check out swag.intigriti.com
Overview:
0:00 Intro
0:20 Insecure output handling
0:52 Indirect prompt injection
2:20 Lab: Indirect prompt injection
3:05 Explore site functionality
3:42 Probe LLM chatbot
4:29 Launch attacks via review feature
11:00 Conclusion
Views: 1 284
Video
Exploiting Vulnerabilities in LLM APIs
1.5K views · 21 days ago
👩🎓👨🎓 Learn about Large Language Model (LLM) attacks! This lab contains an OS command injection vulnerability that can be exploited via its APIs. We can call these APIs via the LLM. To solve the lab, we must delete the morale.txt file from Carlos' home directory. If you're struggling with the concepts covered in this lab, please review portswigger.net/web-security/llm-attacks 🧠 🔗 Portswigger c...
Exploiting LLM APIs with Excessive Agency
1K views · 1 month ago
👩🎓👨🎓 Learn about Large Language Model (LLM) attacks! To solve this lab, we'll leverage a web-based LLM to delete the user carlos. If you're struggling with the concepts covered in this lab, please review portswigger.net/web-security/llm-attacks 🧠 🔗 Portswigger challenge: portswigger.net/web-security/llm-attacks/lab-exploiting-llm-apis-with-excessive-agency 🧑💻 Sign up and start hacking right n...
Intigriti Customer Story: Personio
390 views · 1 month ago
Discover how Personio, a leading HR software provider, ensures top-notch security while rapidly developing new features. Supporting over 1 million users globally, Personio faced significant security challenges. Traditional security assessments couldn't keep up with their pace. Partnering with Intigriti, Personio implemented a bug bounty program, leveraging crowdsourced security efforts for cont...
Performing CSRF Exploits Over GraphQL
1.2K views · 2 months ago
👩🎓👨🎓 Learn about GraphQL API vulnerabilities! The user management functions for this lab are powered by a GraphQL endpoint. The endpoint accepts requests with a content-type of 'x-www-form-urlencoded' and is therefore vulnerable to cross-site request forgery (CSRF) attacks. To solve the lab, we must craft some HTML that uses a CSRF attack to change the viewer's email address, then upload it t...
Misconfig Mapper - Hacker Tools
2.1K views · 2 months ago
🚨 New tool alert! We're happy to introduce Intigriti's new "Misconfig Mapper" project. It's an open-source, template-based tool to help you identify misconfigurations in common services 😎 #intigriti #hackwithintigriti Github: github.com/intigriti/misconfig-mapper Gitbook: bugology.intigriti.io/misconfig-mapper-docs Blog: blog.intigriti.com/2024/04/29/introducing-misconfig-mapper/ Overview: 0:00...
Bypassing GraphQL Brute Force Protections
883 views · 3 months ago
👩🎓👨🎓 Learn about GraphQL API vulnerabilities! The user login mechanism for this lab is powered by a GraphQL API. The API endpoint has a rate limiter that returns an error if it receives too many requests from the same origin in a short space of time. To solve the lab, we must brute force the login mechanism to sign in as carlos. If you're struggling with the concepts covered in this lab, plea...
Finding a Hidden GraphQL Endpoint
1.2K views · 3 months ago
👩🎓👨🎓 Learn about GraphQL API vulnerabilities! The user management functions for this lab are powered by a hidden GraphQL endpoint. We won't be able to find this endpoint by simply clicking pages in the site. The endpoint also has some defenses against introspection. To solve the lab, we must sign in as the administrator and delete the user carlos. If you're struggling with the concepts covere...
Accidental Exposure of Private GraphQL Fields
842 views · 3 months ago
👩🎓👨🎓 Learn about GraphQL API vulnerabilities! The user management functions for this lab are powered by a GraphQL endpoint. The lab contains an access control vulnerability whereby we can induce the API to reveal user credential fields. To solve the lab, we must sign in as the administrator and delete the user carlos. If you're struggling with the concepts covered in this lab, please review p...
Accessing Private GraphQL Posts
2.1K views · 3 months ago
👩🎓👨🎓 Learn about GraphQL API vulnerabilities! The blog page for this lab contains a hidden blog post that has a secret password. To solve the lab, we must find the hidden blog post and enter the password. If you're struggling with the concepts covered in this lab, please review portswigger.net/web-security/graphql 🧠 🔗 Portswigger challenge: portswigger.net/web-security/graphql/lab-graphql-rea...
Prototype Poisoning and Unicode Case Mapping Collision - Solution to March '24 Challenge
1.1K views · 3 months ago
🏆 The official writeup for the March '24 Challenge, which involves XSS, prototype poisoning and a Unicode case mapping collision (client-side overflow). We received 49 valid submissions (and 6 awesome writeups). In this video, we'll break down the solution 🧠 Full blog/writeup: bugology.intigriti.io/intigriti-monthly-challenges/0324 Follow m0z: loosesecurity Solve the challenge: chall...
Introduction to GraphQL Attacks
1.6K views · 3 months ago
👩🎓👨🎓 Learn about GraphQL API vulnerabilities! This video provides an introduction to GraphQL; What is it? How does it work? What are schemas, queries, mutations, fields, arguments, variables, aliases, fragments etc? How do subscriptions and introspection work? How can we work with GraphQL APIs in burp suite? How to find endpoints, exploit unsanitised arguments, discover schema info etc. This ...
Aggressive Scanning in Bug Bounty (and how to avoid it)
1.9K views · 4 months ago
🧠 What is aggressive scanning / intrusive testing? How can you avoid it? Learn about the importance of adhering to program requirements and the rules of engagement in bug bounty. In this video, we'll configure and test some common web hacking tools to ensure the requests are rate-limited and stay within the maximum requests per second permitted by the program. 🔗 Check out our accompanying blog ...
Exploiting Server-side Parameter Pollution in a REST URL
2.1K views · 4 months ago
👩🎓👨🎓 Learn about API testing (and server-side parameter pollution)! To solve this lab, we'll need to log in as the administrator and delete the user carlos. If you're struggling with the concepts covered in this lab, please review portswigger.net/web-security/api-testing 🧠 🔗 Portswigger challenge: portswigger.net/web-security/api-testing/server-side-parameter-pollution/lab-exploiting-server-s...
Common Scoping Mistakes
750 views · 4 months ago
🧠 TCM x Intigriti: Learn about some common scoping mistakes in bug bounty! 🧑💻 Sign up and start hacking right now - go.intigriti.com/register 👾 Join our Discord - go.intigriti.com/discord 🎙️ This show is hosted by _CryptoCat ( @_CryptoCat ) & intigriti 👕 Do you want some Intigriti Swag? Check out swag.intigriti.com Overview: 0:00 Introduction 0:22 Scoping Mistakes 3:15 C...
Exploiting Server-side Parameter Pollution in a Query String
3.8K views · 4 months ago
Understanding Scope, Ethics and Code of Conduct (CoC)
751 views · 4 months ago
Exploiting a Mass Assignment Vulnerability
2.8K views · 4 months ago
Unicode Normalization and Cookie Path Precedence - Solution to February (Valentines) '24 Challenge
1.1K views · 4 months ago
Finding and Exploiting an Unused API Endpoint
4.6K views · 5 months ago
Exploiting an API Endpoint using Documentation
5K views · 5 months ago
DOM Clobbering, CSPP (axios) and XSS - Unintended Solutions to January '24 Challenge
1.2K views · 5 months ago
Exploiting Time-sensitive Vulnerabilities
1.6K views · 5 months ago
Intigriti HackerViews 🎙️ - Meet your Bug Bounty Heroes - nnedelchev
665 views · 6 months ago
Intigriti HackerViews 🎙️ - Meet your Bug Bounty Heroes - leorac
1.2K views · 6 months ago
Hi, I am looking to learn how to find no random encounter battles for PS1 games using cheat engine. Can you help me with that? Ty so much
Hey, we don't assist with individual queries. Besides, the whole point is for you to learn how to use cheat engine 😉
I am bowing my head in front of your cyber security knowledge. Lots of love from India 🇮🇳
Awww 🥰 I love India! 💜
The payload you put in actually worked because the actual sequence required to escape is `}]}`. You just accidentally changed the sequence from `}]}` to `]}}` at 7:37. That's the reason why `]}}` didn't work but your final payload `}]}}` used to escape worked in this case. Because the first three chars match up which are enough to escape in this case
Damn OK.. That does not surprise me 😆 I thought I had similar issues prior to recording but could have just been more typos 😂
Can you help me decode Halo MCC hex values specifically how to locate my armor color in Halo 3 so I can change it?
We can't assist with individual requests, sorry! It's important for you to learn these things 😉
You have forgotten about the adb tool
Bro I swear to all things holy thank you. I've been stuck on pointers for days and you just rescued me
Nice!! 👊
I get access violation when I tried to change the value of the pointscan result. It's a local game, so idk why xd. Nice video. Edit. I restarted my pc and now I was able to change the value. It works! I don't have to do the same process every time I open the game, nice.
can you teach us how to generate money in online game
No 😫
From where do I know the names of secret files? Is there a wordlist, or must I research web paths?
You can manually try for common ones or look for wordlists of common paths, files etc.. Here's one I picked at random: github.com/Karanxa/Bug-Bounty-Wordlists
burp suite intruder tab add from list is available in pro version only
The pre-set lists are pro-only but you should be able to import your own wordlist, with one word on each line
Cryptocat, could you pls shoot walkthrough web challenges from downunder 2024 ctf
I missed this one, sorry mate. Shame because DUCTF always has some great challenges! They publish all their solutions and source code here btw: github.com/DownUnderCTF/Challenges_2024_Public
@intigriti thanks a lot brother🔥🔥🔥 Btw waiting for you to participate in more CTFs and more web challenge walkthroughs :D Ofc if it's possible for you🙌🏻
Give me discord pls
Of course! go.intigriti.com/discord
Interesting stuff! I literally just got into all this stuff yesterday, super complex but I'm determined to work it out as I really want to hack into my favourite childhood game and make it more replayable! So I got hold of the address that stores my money and I can modify it etc, the address doesn't change between sessions so all good but when I set my money to say a value of 15000 then buy something, the value is then capped back again at 9999, I'm guessing in the function it's comparing to a max value then capping it, how would you go about trying to track that max money cap variable down? Thanks so much for your time mate!
You could simply try to freeze the pointer after you change the value (ticking the little box) so that it doesn't decrease. If that fails, future episodes in this series will look at injecting (patching) code logic 😉
@intigriti thanks for the reply mate! Yeah could definitely do that although I'm not actually looking for infinite money I just want to raise the max money cap so I can earn more in game legitimately lol also the cap is a signed 16 bit integer it seems as I tried to raise it past 32000 and it just goes into negatives, is all this stuff possible to change? Also looking forward to the next in the series! Thanks man!
Mate... your rapid mouse movements are annoying =/. Please make them clear, because I look each time so I don't miss something if you try to explain. Rotating slowly over that region would also work and wouldn't take too much attention from us. Thx for your great videos :)
Yeh sorry about that, I tend to rapidly move my mouse when I'm thinking 😣
I don't really know why I don't have a # mark and the exploit is still working
Thanks. Shalom.
My generated CSRF POC is not auto submitting the form. I have to press the submit button for the exploit to work, hence the lab won't solve.
Does it look like the PoC used in the video?
For some reason, the option to copy a symmetric key as PEM seems to have been removed.
I noticed this recently actually! I tried a similar challenge and couldn't get this solution working in burp, ended up just using jwt_tool and it worked fine 🤷♂️
If you put admiN it also works
How do we bypass SSL pinning, please? Do you have a video on that?
Hey, some of the techniques used in these videos (e.g. Frida hooking) can be used for SSL cert pinning bypass, check this: infosecwriteups.com/hail-frida-the-universal-ssl-pinning-bypass-for-android-e9e1d733d29
man this banger song brings back soo many memories 🥲
Thanks young man. Excellent tutorial
Glad it helped 🙏
@intigriti I always try to learn from the right people. Appreciate
@intigriti I don't get why reset_token was added to the field parameter? field=reset_token. Aren't they both parameters? What is the logic behind this?
The "field" is indeed the parameter, but since we saw "email" was a valid value for the field parameter, it makes sense that other form fields on the page would also be accepted ("reset_token" in this case).
We love these PortSwigger videos!! ❤❤❤🎉🎉 Thanks for sharing 💥💥💥
Thank you!! 💜
has anyone got a virus doing this yet
How? 🧐
Yo awesome Im doing this now
Nice! 👊
Awesome work
Thanks a lot 😊
Hey bro, it seems my JWT editor extension is not working. Whenever I try to resign with the key I generated it just doesn't get resigned. I found another way to solve this.
Tried every combination and could not get my RPS above 30.
Caido is still KING for us free users.
Love it ❤
🥰🥰🥰
Hello, in this, is the content of the file saved in the db or is the file saved in the filesystem?
It would be on the filesystem!
Great explanation 😊
Thank you! 😃
Dude! Are you an AI or a real person? You look like AI. lol
👀👀👀
Do you mind explaining "this.password"? A snippet of backend code might help too!
It's been a while since I looked at this challenge but I'm guessing the api_friends function in app.py is most interesting for you.. Let me know if you want to see more!

```python
@app.route('/api/friends')
def api_friends():
    query = request.args.get('q')
    email = users.find_one({'username': query}, {'email': True, '_id': False})
    if email:
        user = users.find_one({'$where': f'this.email == "{email["email"]}"'}, {'username': True, 'friends': True, '_id': False})
        return json.dumps(user)
    else:
        return []
```
damn
👊
damn
😉
This is stupid
What the fuck
Cleared tq so much😊
Welcome 😊
Personio is a great company to work with! I've sent several bugs to its bug bounty program and it has been a great experience. saurinn here👋🏻
Awesome! Thanks for the feedback 💜
So question. Say I do my first scan for my health but instead of narrowing down to 1 address holding that value, I have 2 addresses that hold the health value, does that mean I'm looking for 2 pointers? Or would both addresses be getting the value from the 1 pointer?
I guess it could be either, depending on how the game was developed. Maybe those 2 addresses are being populated from another pointer or maybe the game is copying the health value to another address at some stage. This could be a basic anti-cheat protection, e.g. if player changes health, the 2 values will no longer match and the game can take action (restore health to correct value). It's more likely to be a benign reason, e.g. the health is used in some other function, but the value is copied to a new variable during this time. Maybe you can try modifying each value individually, then both at the same time to see what the effect is..
Can you make videos on cheating games on PS4?
The focus will always be hacking, not cheating 😛 Hopefully we will make more game hacking content in future but unlikely console-focused.. Maybe mobile!
@intigriti true that, but I would really love to see PS4 game hacking cuz it's like cheat engine, a bit harder, especially with pointers, and there are not a lot of videos about it, so I guarantee you the views, and I asked you because I love how easily you explain things
Thank you for the video!! I have a question. When rooting, it always has to start in "cool boot" for it to work, but in the video it starts in normal mode. Is that right?
Hmmm that's the first I heard about the cool boot being required, not too sure on that one. Looks like you can configure in android-studio, e.g. stackoverflow.com/questions/50420374/how-to-cold-boot-emulators-running-api-27-on-android-studio but AFAIK not required
Thank you for the walkthrough.
Welcome! 💜
Nice
Very nice
Thanks! 💜
But how do you actually know that the server's logic is that it puts the file on the server for a very short amount of time?
Unless you have access to the source code, you don't! You just have to probe for race condition, similar to the other labs.
For some reason my response time for my 1st packet is typically shorter than my other requests. Sometimes they're the same. I'll send 3-8 at once trying to test for that "longer response" I'm supposed to see.
I was able to go into the negative changing the values of the gift card I was purchasing. It put me exactly as negative into my account as the additional gift cards I got. Interesting tho, cuz if I just took those gift cards to a separate account I could gain purchasing power (had this been real). Hey, thank you so much for these videos! I can't wait to watch them all. Note to anyone here in the comment section feeling lost: we all do. Don't judge yourself for it. And don't judge yourself for judging yourself. Just accept that it's complicated and that's ok. Then keep APPLYING THE LABS. Walk around the house and try again till it feels better.
Good point on the transferring gift cards to a new account!
I would like to understand Cheat Engine well enough to make it so that if one RAM address changes to a certain value, it stores a value to a different RAM address. What would you recommend? It's for offline games.
Keep watching this series until you have the basics down, then maybe the answer to your question will become clear 😉
@intigriti I know how to make all types of codes already. Can you suggest videos to watch to speed things up?
Hmmm maybe for this, the cheat engine forum will be most useful, e.g. forum.cheatengine.org/viewtopic.php?t=619282&sid=c0c35f68febf9db304e031a074304df7 You could also check this video, maybe it will help: czcams.com/video/sx5GHoybGgY/video.html
@intigriti Thanks for the reply. God Bless 💕✝
Thanks for the walkthrough.
No problem! 🥰