HackTheBox "Business CTF" - Time - Command Injection
- Added 26. 07. 2021
- If you would like to support the channel and me, check out Kite! Kite is a coding assistant that helps you code faster, on any IDE, offering smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link)
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/johnhammond010
E-mail: johnhammond010@gmail.com
Discord: johnhammond.org/discord
Twitter: / _johnhammond
GitHub: github.com/JohnHammond
Really enjoyed the time you took to explain this one. It's pretty straightforward, but this format would be great for beginners. Love your work
Followed you up since start of the year and quality has evolved in the meantime. Keep it up📼
this makes me want to try some of these myself
Yeah same, the problem is that I've never done anything like that lol
Just wanted to say I'm new in the I.T. industry, read A+ and studying for my Network + cert while pursuing cyber security and watching these videos and having you explain things is really helpful for me despite how basic some of these are. Just wanted to say I appreciate the content this way.
These little breadcrumbs are so essential, thanks for sharing 👌👍
Love the CTF videos! Keep that up man!
I love your work John! ❤️
absolutely love your videos John
Love your content John....learn more and more.....greeting from indonesia
I like the tune after the video ending
Awesome content, getting to learn some new stuff :)
I learned a lot from this ctf.
yay john is going back to his roots
Can you please tell us why it didn't work with curl or the browser? And why is it working only in Python?
Great videos, mate.
Really helpful thank you
brilliant
love your videos man
That was good
What happened to the dark web series?
Love ur vids
Yayyyyy ctfs!!!!!!
u are awesome
The reason it didn't work in the browser/curl was because you were using `&&` instead of `;`
`&&` runs the second command only if the first command ran successfully
`;` runs the second command regardless of the first command
And since the first command is `date ''` which returns an error, the second command never ran!
`?format='; whoami #` still fails in the browser.
The command would run `date +''`, which doesn't error, and returns an error code of 0 indicating it succeeded. It just has an empty string for a format string :)
@_JohnHammond I believe the reason it does not work in browser is because # is never sent to the server as it is the "fragment identifier". However, URL encoding it to %23 might have worked IMO :)
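The two behaviours discussed in the comments above, shown as an added example that is not from the video or from any commenter: how `&&` and `;` differ when the first command fails, and what part of a URL containing `#` actually reaches the server. The host `app.example` and the helper names are assumptions, and `true`/`false` stand in for a first command that succeeds or fails.

```python
import subprocess
from urllib.parse import parse_qs, quote, urlsplit

# Constructed sample: app.example is a placeholder host; the parameter
# value is the one quoted in the comment thread.
VALUE = "'; whoami #"
RAW_URL = "http://app.example/?format=" + VALUE
ENCODED_URL = "http://app.example/?format=" + quote(VALUE, safe="")


def runs_second(operator, first):
    """True if the command after `operator` executes when `first` precedes it.

    `first` is `true` or `false`, harmless stand-ins for a first command
    that succeeds or fails.
    """
    result = subprocess.run(
        ["sh", "-c", f"{first} {operator} echo second"],
        capture_output=True, text=True,
    )
    return "second" in result.stdout


def query_sent(url):
    """Query part of the URL; the fragment after '#' is kept client-side."""
    return urlsplit(url).query


def value_received(url):
    """Value of `format` once the query string has been percent-decoded."""
    return parse_qs(query_sent(url), keep_blank_values=True)["format"][0]


if __name__ == "__main__":
    for op in ("&&", ";"):
        for first in ("true", "false"):
            print(f"{first} {op} echo second -> runs: {runs_second(op, first)}")
    print("raw URL query:    ", repr(query_sent(RAW_URL)))
    print("encoded URL query:", repr(query_sent(ENCODED_URL)))
    print("server decodes:   ", repr(value_received(ENCODED_URL)))
```

For anyone reading access logs, the same split explains why a literal `#` never appears in the logged query string while `%23` does.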
Thank you for great video as always!
Sir ... if possible ... please release a video on Pegasus spyware ...
Htb ca 2024 had same challenge again this year lol
I am first command. Holy YES!
Me first to reply you and second to comment 😏
Me second to reply and third comment
@nizarel-marzouki9076 me third to reply and 4th to comment :)
5th. baby!!!
You may be first to command but not to comment
to the 8 people who disliked, Why?
shebang
Update your chrome
Nice try!
3rd Comment Muahahaaaa
2nd comment because replies to comments don’t count.
7th