and then you realise that he doesn't understand the await operator, so he puts it even when he calls the async function LOL (line 13 on VC @46:30), also he could have read the error message, it says right there.

Ooh and a const in a loop is not possible, since it is a constant and of an immutable type which can only be declared ones and not updated within a while loop.

Thanks that makes total sense

I had no idea. That is cool

Hi, how did you find this out?

Umm I hate myself right now, most likely you could totally do that 😂 I just didn’t think of it

@@ippsec I'm sorry i didnt meant to point it out because i want to say that was a better way, that was no my intention at all, i was just wondering if that was possible, and to test my level of understanding 🤣. You show anyways that the script was vulnerable to sql injection, and how to benefit from that, so definitely your way is the best for us and for the sake of learning, as the purpose of your videos are sharing knowledge. As always you re the goat, thanks for all your videos.

@@MusicDimensionKZbin No i'm happy you did haha. Was more sarcastic

@@ippseci totally get the sarcasm. I'm happy to know that modify the entry was an option that could work, I'm still learning and see that maybe I get something right make me willing to learn more and definitely you're the right place to learn, your approach to solve the boxes is amazing, the explanations of the steps you take to find the informations and the beyond root part is gold.

​@@MusicDimensionKZbin I believe it's not possible to write to the file /root/.ssh/authorized_keys doing what you suggested because each injectable column can contain only up to 20 characters: Injectable columns: name, addressLine1, addressLine2, town, postcode MariaDB [(none)]> desc bookworm.Users \G *************************** 2. row *************************** Field: name Type: varchar(20) *************************** 6. row *************************** Field: addressLine1 Type: varchar(20) *************************** 7. row *************************** Field: addressLine2 Type: varchar(20) *************************** 8. row *************************** Field: town Type: varchar(20) *************************** 9. row *************************** Field: postcode Type: varchar(20) So, if you tried to change one of those columns to the PostScript payload, you would get an error saying you tried to insert too many characters on a column.

That is Github Copilot

I believe it blocks the page itself from running Javascript on itself, which is why the Alert() did not work, and there's something that's blocking you from loading scripts externally, so you can't just directly point it at yourself. Which is why I needed to host the script on the server through Avatar. I never run code from a server on my own IP, I just exfil data there. That said, in hindsight, I never tried to just point the javascript back to myself then do the malicious things there. I don't think it would work, but its possible would be a good thing to try out yourself and see why it does or doesn't work.

Running through SQL would still be a SQL User not root. So having the option to exploit SQL or the Injection to PDF Generator... I go for PDF Gen since that is running as root.

Curious about this too.

Nope, when they launched we got off on the wrong foot and I also didn’t enjoy their content. I feel there’s less effort put into making sure it’s quality content. Could have changed now; but I have no reason to check them out. Also I do work for HackTheBox now, did not for the first few years of doing videos. So not only would I be highlighting a site I don’t support, I’d also be highlighting a competitor

@@ippsec in terms of content quality, you're absolutely right. TryHackMe seems to be making very "small" boxes in comparison to HackTheBox. so I understand your point.

​@@ippsec you are HTB employee of the month (read this with Simeon Yetarian's voice)

Good point

I think you are correct - However, that is now how my brain things code/functions/etc should work. So I avoid taking advantage of that.

​@ippsec ah yeah, I get what you mean. I love python but the weak typing makes things really ambiguous sometimes.

Ippsec Is Python Charmer 😂