Great work John! This continues to be my favorite YT channel.

I love the CTF videos please keep them coming.

Always good

This guy is a wizard!!

Talking about Snyk, you know what would be fun? Finding a vulnerability in Snyk that you can exploit to actually inject vulnerabilties into applications, into your code

the content you put out is just out of this world. i follow many hackers but you are out of you league bro

You could also use rlwrap before your nc command to get a somewhat better shell out of the box

I remember Ippsec used the same synk payload in solving noter form HTB 😂 good work John

Love your content always 👌🙏

I just discovered this channel, fantastic🗣️🗣️🗣️🗣️🔥🔥🔥🔥🔥🔥

Love these videos

Excellent work

Awesome! I didn't know about this before. It's the first time I see a RCE with a XSS and a SSRF with the same XSS. Great job dude! :D

Awesome video, thanks.

One of my boxes in hackthebox called "Noter" had the same vulnerability!

Legend Hammond

I am already using it, thanks

Thanks John , nice work

What an amazing video!

This was dope!!! So funny i am watching and dont have a clue what you was doing but it was fun watching..... make me want to become a ethical hacker and move from my network position.

after almost 30 yeqr of playing with linux CLI, i learned about ^L ... i feel stupid lol and nice one!

Wow you solved it super quick

2:42 Hey guys, to see the code you have to click the right button on your mouse (that's the device you use to control your cursor) and select the option that reads "View Page Source" :) 15:40 aight, so I'm gonna get a reverse shell by starting a netcat listener, then using ngrok as a redirect, I will grab this bash script, set the correct variables and execute it within another bash call and done, we are in. Feel free to use stty or pwncat to get a better shell. draw the rest of the fucking owl much? lol

Awesome content!

get any recommendations on how to do this but locally? without use of cloud servcies? want to parse pdf into markdown.

Man! I took a break from CTF and looking at this showcase , sing me up for the next CTF

I like that shirt !!

woah that was cool, i really need to do some CTFs again

what if i have simillar ctf problem but js injection doesnt work?

Thank you

Awesome 😎😎😎

Awesome

This one sounds very interesting John! Excited to watch this later.

Hey guys! Can anyone explain to me why do we need the wrapping of the "bash" command? Why doesn't bash work on it's own (or sh for that matter)? p.s. great video :)

Ik the drill😂

so, the ---js … --- stuff does the same as …?

I loved it, i used to be lost on it, for now I'm ready))) thanks for all Mr John)))

Hmm, good work

Could you slow down you're going to quack... lmao Gg, love the videos. Keep up the great work! ^_^

Curious if you could use this to trigger a MSF payload that kicks off a Sliver Beacon followed by a Cursed Chrome/Edge remote debug session?

🎉🎉🎉

First here. Awesome video keep it up

O .O great

this is cool...

Cool ☠👻

Very Snyky of you to use that Snyk vuln DB John! 😉 Fun challenge, I remember doing a very similar one on some other CTF or maybe TryHackMe once.

👍

Awesome,e

Hi I have a question Unfortunately I am getting electrical engineering [due to a f*ck education system] But I want to become a cybersecurity analyst Is it acceptable if I do my btech in electrical and after that Will I able to get into cybersecurity field

John the ripper

Ayeeee

OP

people commenting without watch video

CTF challanges where the answer is the first result on google. YAWN. This aint a CTF its a skid playground.

Hey John, Are you coming to black hat event in MIDDLE EAST AND AFRICA, located in Riyadh , Saudi Arabia on 15-17 November 2022. You should cooooome!! I want to take a pic with yaa :p

John, considering cut your hair ? haha. just asking >#

I think it would be better to solve the challenges live, so we can see your thought process, as opposed to knowing the solution beforehand

Oops

You have not replied to my email..!

You can use pdf-parser To get information about pdf And to know if it contains malware CVE-2010-1240 Adobe reader v9.x/8.x $ pdf-parser evil.pdf | grep exe Result be like /F (cmd.exe) Then it's a malware