I really liked the implementation of the new feature you added, explaining the logic of the bypassing the API query in the source code was very intuitive. Really love your videos IppSec, very grateful for the content you put out.

Like the new way of editing. Interesting with the type-vuln-error, worth noting that the response is made earlier and without the int() check in the query, cool trick!

this editing is great! thank you for doing that! the videos are super long as it is, and it can help keep someone hooked to not have to manually skip to the end if they are confused.

Always I'm waiting saturday to enjoy watching you simplify things which no one could do it your way. Thank you a lot.

Hi, Ippsec! Since those all are just writeups videos, I think that the "new" kind of content where you put explanations from the future yourself is just amazing. I don't have to skip or go through the entire video just to listen to that. For me, that's a huge pro :)

I like the new editing in the middle thingy.

Edits are great! I don't do much htb anymore but the creativity aspect of the password cracking section was enlightening, good job and thanks for sharing :D

I really liked the new way of editing and explaining what happens in the background in the middle of the video. Me personally sometimes skip the last part of the video and say that i will resume it but it never happens. Awesome work man as always. Keep up the good work 🖤

I like the way you explain the type conversion error after you discover..

that file disclosure was neat and brutal at same time , learned alot thanks master...

Awesome video! Thanks for doing this. I need to probably rewatch it a couple more times to better understand the process of the decoding the file. But amazing overall.

8:25 that was a great move!.

Thanks for the new explanation in place thing! 8:59 Am I right in thinking that the reason this still returned data despite the error you introduced with the failed int() casting in the if statement is because the sql query WAS smart enough to cast the “1.0” string to an int and match it to something in the database? Almost a bit like how HTTP smuggling works where two different things disagree on how to process the same data? Actually ignore this comment, that must be what happened else it wouldn’t have worked. Leaving my rambling here in case it helps someone else to work through it.

Thanks heap for the video and your time. I learned how powerful is python.

My ippsec weekeend fix is finally here 😄

there's very helpful re.escape function to replace all shenanigans with doing it manually

Thanx, have a nice sunday!

very nice and good

Good job!

Really it's a great video 😹❤️

how to be ge good at hacking boxes quickers like u have soo many walthroughs of boxes but going through all of them wont be possible if i wana get started how should i approach like are there shorter walkthroughs i could go over and get a good understanding

Ippsec rocks! 🙂

Push!

i got the reverse shell as uid 1337 which is weird but idk why

First

My fv ipp .....

Make video : Router Firmware Backdooring

About the newline/skipping lines in regex: Match any number of (any char followed by )'s followed by SECRET followed by any char: (.* )*SECRET.*

another reason python sucks!