Sometimes, what you know is not enough to get noticed above the crowd when trying to get a position; it is who you know who can open that door.

amazing walkthrough

I'll start doing this soon, I'm in need of a career change 😄

Great walkthrough Tib3rius. Keep up the good work!

First time I've really had Burp explained so well 🐥

amazing explanation appreciate it

What is twitch

🔥🍿 Premium Popcorn !!

Great looking forward to it 😊.

😊

you are better than these other plebs, best walktrough!

No other youtuber had explained any task like u did.. understood every small details.. very well explained.

Incredible clarity and simplicity in your teaching, yet packed with detailed information on all the essentials. Thank you for this. I'll definitely check out what other content you've created!

Great video so far, it's really giving me a lot of insight I'm not getting from simply going through the rooms on THM. I did manage to figure out a different (although much more boring) way of finding the flag on 38:39. I edited the python code to: import os; print(os.popen("cat app.py").read()) The flag was in the result Must honestly admit that in the last task even after trying to follow along I have no clue how you got the extra flag. I get the basic idea but what are the %3*? codes for when adjusting the url, and how did they get there?

Sort of up, above & around then scroll down 😂 Last-Byte Syn Attack Explanation 👌

yoyo 1st~

liked/subbed/followed/incredible

What is the name of the lock set

Thank you so much for amazing contenet!

Wow😮

last one is SQLI /page/edit/1'1+1'

How would you go about getting code to determine if a race condition is possible on a real web app? I know it's provided here to help learn, but is it just a guess and hope it works in a real world scenario, or are there more effective ways to see what the code is doing?

I'm so glad I watched this video in addition to reading the room. Your explanation of last byre sync with wireshark was great

this a lots of information

just add in end '1'='1

Hi what does:Where balances shift and numbers soar, look for an entry - an open door! mean? what should we look for?

For the past 2 AoCs, your videos have been the best. You add a ton of value to the lessons they provide, thanks for going in depth and thanks for making these walkthroughs.

Very informative video. Great work, thanks!

OMG the more I participate in advent of cyber 2024, the more gold I dig. Another great resource you tube channel for me.

This walkthrough is special.... I couldn't help to close my mouth wondering every details your are explaining.. Thank you

in the task is says send OVER 2000$. and i did as told to do and me end up not getting the flag. how to refund glitch account?

I totally agree with you on this!

Savage 😂

Thank you for that. I just learnt something very new to me. Well done Tib3rius. Do you have any videos on Burpe Suite?

Awesome video.

Saved some time by going through this walkthrough . Thanks for this

And again Tib3rius explained the topic exceptionally well, going above and beyond by not just covering the basics but also diving into the 'why' and 'how' behind it. His videos are always so informative, and the streams are especially great for learning. Keep up the amazing work!

Nice to see you doing one of these Tib3rius! I've been following your walkthroughs for a few years now. You always go the extra mile and explain all the details.

Thoughts

Aww you gotta give him that TOCTOU

Great it does not work for me. Luckly devs that made code dont check if i transfer 1000 than 2000 so it goes to negative anyway. Cheese way to get flag but i just cant replicate attack. It does 10 requests i get 10 response and only first gets processed. Did same with attackbox and it worked. Now i have even less clue why it didnt work on my personal vm.

Thanks! I loved the additional information, like showing us Wireshark as well.🙂

thanks for to me. for you see i have no eyes

Great video and explaination.

There is an issue with last task (glitch account). When I duplicated the tab from the previous task and swapped the cookie session, account number and amount for proper values, the Balance went to 0, but no flag was provided.

turbo intruder not installing

While the challenge was pretty easy, even for a beginner like me. This video really added a lot of value. I loved how you went into detail explaining how this attack works. Thank you

I enjoyed every byte of this video. Well-done and Thank you. Well explained.

Hi, Your explanation is awesome and i could able to understand the last byte syn. Thank you.

Ah thanks Man ! Your videos are always with a superb quality 🐳