wow that was fun to watch, i honestly didn't know about that nginx misconfig. uhhh time to go recheck all of my configs coz thats pretty scary

I’ve always been no trailing slash guy, but now I am thinking going to be always tailing slash guy

Damn man... Its so awesome to watch you do this.. Keep it up

its mind blowing to see so many chrome tabs open at the same time🤣

A small clarification - the .env file is gitignored because different environments uses different .env values, and to keep this away from source control, but not because we want to exclude/hide it from a production environment. Of course, there are also other ways to set environment variables in a production runtime.

Hi John, just need some knowledge that I am trying to figuring out recently, currently I am fiddling around with Java, and interesting thing I found about it was that Windows 10 does not check for Code Sigining of a Jar file but if I deploy a simple hello world written in C/C++, exe file on a different computer it detects it as a malacious file and does not let user to run it. What are the edge cases that will prevent someone from writting a Java based virus or a ransomware to go undetected by a security endpoint given the fact writing obfuscate code to prevent behavioural analysis by security.

I had no idea what was going on until the last few moments. No idea what Capture the Flag had to do with Laravel. But you're actually playing Capture the Flag. Interesting.

Thank you so much 🥰🥰🥰

FYI, Azure VMs are not "pingable", Microsoft for some reason removed this feature from Azure VMs

John… lovely work as always dude! Cheers! [checks path mods]

Thanks so much Amazing content ^^

Interesting, any other / exploits we should know about to path our systems?

👏🏻👏🏻👏🏻 Awesome!

Laravel 😍😍😍

Hey John, can you do Etituber? I'm curious about the XXE payload...

What version of Xubuntu does the VM have?

What's the cookies plugins, John?

Wow John your amazing!! Thank you for all the amazing how-tos! I’m curious how long did this take you to do? Your real time, keep it up. God bless.

great wholesom video

Amazingg videoo !!

I am posting all the information of identity thefts scammers as I am building myself to be unstoppable success of my own

could you access the .env file? *EDIT* lol I was way too impatient.

Hey John. I wonder if i can solve these challenges after the ctf is over ?. I want to practice on my own

kuuuurwa

That was hot

Sir, I want to build a booking website using php, html and css. If I don't learn javascript is it possible to make it

I am not super familiar with command line: what does "cat /tmp/f | sh -1 2>&1" actually do? Thanks John, your videos are really awesome!

❤️

nice one

What about simply reading /assets../.env? If that doesn't work, because we are speaking of php developers, there is always at least one route that can be easily forced into a 500 to get the debug screen and read the entire configuration from there.

Can you do a video of Pegasus spyware how it works and how to protect from it

Hey John, I notice that you always solve more web challenge in HTB Business CTF. I think that your channel root is reversing or crypto. Can i know the reason?😊

That ngix misconfig is scary

I will no longer sleep at night.

I'm sry, I found you a few weeks ago, and love the content, but I just have to say it. God: 'how many frackles do you want" John: "yes" XD love you! Keep it up!

When you get access to .env you have access to the db name user + password I think you could just try that for to ssh to the server

Test CVE-2021-36934 Serious SAM and Hive-Nightmare

Bottomline: deny ANY file/directory starting with a dot from being accessed publicly.

Sir please give your picoCTF class code

I didnt know seth rogan had a twin brother who is a hacker

Why are you using old version of Ubuntu

you do not need to close the `?>` in php files

Pog? Pog? Being early-ish?

all it took was a simply missing '/'

Need firebase exploit