(2:02, 5:21) Lab and Fuzz Parameter (7:40) Wfuzz filter out 404 (11:33, 11:51) Wfuzz
@chipko Жыл бұрын
Oh wow! This is amazing and so quick. Thank you Alex, Heath and TCM!
@m1ni_m4l Жыл бұрын
Thanks for the content, really important and precise. TCM courses helped me a lot in my cybersec journey!
@faadi4536 Жыл бұрын
Never knew about this up until now. Good job bro.
@TCMSecurityAcademy Жыл бұрын
Thank you
@mridulkumartiwari607 Жыл бұрын
Much needed video 🤠📸
@nonlinearsound-001 Жыл бұрын
Been in the coding game for the past 20 years and made a lot of mistakes and had my successes. But, what I don’t understand at all, is, who on Earth would code a Web-API and include direct file access like this, basically creating a reverse shell? (more or less). Do we really have such a significant amount of software out there, featuring this kind of flaw?
@offsecprep Жыл бұрын
Yes, the main point is the methodology rather than the vulnerability. But, you'd be surprised, I've seen quite a few simple vulns like this in the past when carrying out pentests (granted, usually before the application is released - it's less likely you'll find this in the wild or during BB)
@SmedleyButler1 Жыл бұрын
@@offsecprep a channel showing packet and pentesting of libre apps would be great and you sound like you could do it! To get started a unique and hugely popular video idea would be on hash /checksum app verification ON Android, FOR Android? Hash Droid is the only way I know of and I'm still not sure how to use it often (auto runs, zipped files, playstore vs Foxydroid or neostore) NOBODY has done this and it seems like THE most important thing to do!?...lots of.powershell vids on it but not everyone uses windows....also, is a chromebook really more secure than Linux as one tech (not cyber security) guy claims? He said cyber pros told him to use it or Linux in a virtual machine in windows
@Z0nd4 Жыл бұрын
Thanks for this videos, I just begin in the API pentest wave, and Its very interesting.
@Mrg-kj5ml11 ай бұрын
That was super informative. Thanks for thorough explanation.
@worm_403Ай бұрын
Interesting video man thanks for your contribution
@renatojlopes Жыл бұрын
Thanks for sharing this.
@skysunset8779 ай бұрын
Super good! Thank you!
@harrylumsdon6773 Жыл бұрын
Great stuff
@janekmachnicki2593 Жыл бұрын
Great tutorial mate .Thanks
@BerniesBastelBude Жыл бұрын
useful explanation - thank you!
@doshamitv50207 ай бұрын
IF THE LFI DIDNT WORK ON "ID param" could work on "author param" ? ( like the vulnb could work depend on the param right? ) or it also works on the other params?
@Alaa-kc4rx Жыл бұрын
Nice video, sir, and thanks for sharing this valuable content with us. please share moore videos about api enemuration and pentetst, with just basics
@leghdaf8 ай бұрын
Great Content ...
@maryjanechukwuma97072 ай бұрын
how can i get the World list you used in this video
@bitminersouth8845 Жыл бұрын
I have the same chair, I was expecting more confort.
@张佳新-j7u Жыл бұрын
how can i get api dictionary
@varunfoodvlog9215 Жыл бұрын
api endpoint give 404 error then what i do, can anyone give me same tips?