I’ve always been no trailing slash guy, but now I am thinking going to be always tailing slash guy

wow that was fun to watch, i honestly didn't know about that nginx misconfig. uhhh time to go recheck all of my configs coz thats pretty scary

Damn man... Its so awesome to watch you do this.. Keep it up

John… lovely work as always dude! Cheers! [checks path mods]

Thank you so much 🥰🥰🥰

Thanks so much Amazing content ^^

Wow John your amazing!! Thank you for all the amazing how-tos! I’m curious how long did this take you to do? Your real time, keep it up. God bless.

Hi John, just need some knowledge that I am trying to figuring out recently, currently I am fiddling around with Java, and interesting thing I found about it was that Windows 10 does not check for Code Sigining of a Jar file but if I deploy a simple hello world written in C/C++, exe file on a different computer it detects it as a malacious file and does not let user to run it. What are the edge cases that will prevent someone from writting a Java based virus or a ransomware to go undetected by a security endpoint given the fact writing obfuscate code to prevent behavioural analysis by security.

great wholesom video

I had no idea what was going on until the last few moments. No idea what Capture the Flag had to do with Laravel. But you're actually playing Capture the Flag. Interesting.

nice one

👏🏻👏🏻👏🏻 Awesome!

Interesting, any other / exploits we should know about to path our systems?

Amazingg videoo !!

FYI, Azure VMs are not "pingable", Microsoft for some reason removed this feature from Azure VMs

A small clarification - the .env file is gitignored because different environments uses different .env values, and to keep this away from source control, but not because we want to exclude/hide it from a production environment. Of course, there are also other ways to set environment variables in a production runtime.

Hey John. I wonder if i can solve these challenges after the ctf is over ?. I want to practice on my own

That was hot

❤️

Hey John, can you do Etituber? I'm curious about the XXE payload...

Laravel 😍😍😍

I am not super familiar with command line: what does "cat /tmp/f | sh -1 2>&1" actually do? Thanks John, your videos are really awesome!

What's the cookies plugins, John?

kuuuurwa

Sir, I want to build a booking website using php, html and css. If I don't learn javascript is it possible to make it

What version of Xubuntu does the VM have?

I am posting all the information of identity thefts scammers as I am building myself to be unstoppable success of my own

could you access the .env file? *EDIT* lol I was way too impatient.

Can you do a video of Pegasus spyware how it works and how to protect from it

That ngix misconfig is scary

I will no longer sleep at night.

Hey John, I notice that you always solve more web challenge in HTB Business CTF. I think that your channel root is reversing or crypto. Can i know the reason?😊

What about simply reading /assets../.env? If that doesn't work, because we are speaking of php developers, there is always at least one route that can be easily forced into a 500 to get the debug screen and read the entire configuration from there.

When you get access to .env you have access to the db name user + password I think you could just try that for to ssh to the server

Test CVE-2021-36934 Serious SAM and Hive-Nightmare

I'm sry, I found you a few weeks ago, and love the content, but I just have to say it. God: 'how many frackles do you want" John: "yes" XD love you! Keep it up!

Bottomline: deny ANY file/directory starting with a dot from being accessed publicly.

Pog? Pog? Being early-ish?

I didnt know seth rogan had a twin brother who is a hacker

Sir please give your picoCTF class code

you do not need to close the `?>` in php files

all it took was a simply missing '/'

Need firebase exploit

Why are you using old version of Ubuntu