Part 2 Package Dependency Confusion Vulnerability | Advance Bug Bounty Tutorials | Hindi

4,985 views

Spin The Hack

In this video we are going to learn how to find the Package Dependency Confusion vulnerability. These are found in NPM, PIP and other package managers. I will teach you how to find the Package.json vulnerability. This is part 12 of the video, where we will see how to take over the package.
Tools used in the video:
Code Used for Index.js: pastebin.com/r...
🔴 ** ABOUT THE CHANNEL **
At Spin The Hack I document my career and teach you what I learn with the easiest explanations.
Spin The Hack is one of the leading Indian educational enterprises aimed at helping people learn and understand cybersecurity in a better and simpler way.
At Spin The Hack, we serve the best possible cybersecurity and penetration testing content through our website and KZbin channel, and help students grasp all the concepts that matter and are related to the field.
‼This channel focuses only on education and doesn't promote anything that is unethical. On this channel, I explore the field of Cybersecurity so that it helps the audience to learn and earn at the same time.
🌟Penetration Testing Videos in Hindi
🌟Bug Bounty Hunting Videos in Hindi
🌟Tips and Tricks related to Cybersecurity in Hindi
🌟Forensics Coverage and Tutorials in Hindi
🌟 Useful Cybersecurity News in Hindi
________________________________________
For business inquiries: contact@spinthehack.in
________________________________________
🔴STOP: Before Starting This video, Keep in mind that this video is just for Educational purposes and nothing illegal is promoted here. We, along with KZbin, are not responsible for any kind of action taken by you using this video.🔴

Comments: 66
@SpinTheHack 2 years ago
First you need to set up npm: install npm with apt install npm, then type NPM LOGIN and add the username and password which you used to create your account on the npmjs website.
@vivaanvivaan3920 2 years ago
Great, knowledgeable video, sir... I got to learn something new... please bring more videos like this to the channel, sir.
@DrGamer666 2 years ago
Your video made me so curious about supply chain attacks that I did an in-depth study, and later it also helped me in doing the case study about the SolarWinds hack. This series is a treasure, thank you ❤
@asuraindra 2 years ago
Exactly
@ashiqurrahman275 1 year ago
Best explanation, love from Bangladesh
@aatankbadboy3941 6 months ago
Love you bro, keep uploading 🎉❤❤
@parshantkumar2455 2 years ago
Please don't stop making these educational videos because we love your way of teaching
@jbond5614 2 years ago
Great explanation bro.
@BotAmi 2 years ago
I love Spin The Hack, brother ❤❤
@mdiftikharmahmud246 2 years ago
Brother, keep doing it, we are with you
@sparkhar7041 2 years ago
Great video sir, keep it up, we are with you 🔥🔥🔥
@Kalia_nullbit 2 years ago
Thanks!
@hacker-lp7ug 2 years ago
Great work bro
@AR001-28 2 years ago
Awesome, brother. Thank you for your effort ❤️☺️
@vickyrajwade8665 2 years ago
Crystal clear 👌👌👌👌❤❤
@eraedith696 2 years ago
All good👍
@RachitMaheswari-w6h 3 months ago
Excellent
@h4s4n_ma 2 years ago
Good job🔥
@dishant_singh4556 2 years ago
Killer video
@swagat5468 2 years ago
Thanks for this video, brother...❤️
@hiphopbanglarduniya7135 2 years ago
After watching this video I found a package dependency vulnerability on one govt site
@aravindmenon12 2 years ago
Superrr
@jod_jod 2 years ago
Thank you, bro...❤️
@sushmithas504 1 year ago
Is your advance bug bounty course in English?
@Dhruv-te6dy 2 years ago
Thanks for this video
@asuraindra 2 years ago
From Package Dependency Confusion to upcoming methods and a lot more, all at one station, @SpinTheHack, and the way of teaching will change your perspective on things ♥ The RTT case study was really something! Really enjoyed it and learned lots of things during the SolarWinds case study!
@0xkavish 2 years ago
Which terminal or theme are you using, and which type of shell?
@shivshivam1634 2 years ago
🔥🔥🔥🔥
@fairflay9189 2 years ago
When is the OSINT training coming?
@AR001-28 2 years ago
Brother, is "preinstall" present in private packages too?
@gunjanvishwakarma382 2 years ago
👍👍💯💯
@souravkumar961 1 year ago
What do we have to do after this?
@rafael322able 2 years ago
Where do I see the output after execution?
@nerajjha2875 2 years ago
Sir, please, what if they don't upgrade their package? How will we validate this bug?
@AR001-28 2 years ago
Brother, doesn't dependency confusion normally come down to system ambiguity?
@mvv175 2 years ago
Thanks, brother
@RamKumar-oq8ov 2 years ago
Thanks
@SpinTheHack 2 years ago
Welcome
@shareemnaveen5798 2 years ago
So bro, how will we get RCE in this... I mean, we have uploaded it... now who knows when the machine will update... and the Burp link is also use-and-throw and you can't use the old one either... How will we find out, and how will the PoC be made?
@sayim0x 2 years ago
Great explanation. But my question is, if we can successfully take over npm, we still have to wait for the target machine to update. If the target machine updates, then we can get RCE. Without the target machine updating we can't do anything. Here is my question: if I can take over a private dependency, can I report it? Because if we try for RCE, we have to wait for the target machine to update.
@coffinplayz 2 months ago
Did you get your answer? If yes, tell me
@vinaygupta5619 2 years ago
Your content is just mind-blowing. 🔥🔥🔥 Can you please suggest how I can monitor the dark web using open source tools? Which tools are available for dark web monitoring?
@pranshushakya2106 2 years ago
This will not work. Reason: you make the version number of the package 1.0.0, that is, the first version of the package. So the system will not update to the published package. Make the version number large, then it will work
@aryan_shorts812 2 years ago
Brother, you said that YouTube doesn't allow hacking videos, which is why you put them on the website, whose maintenance charges you pay by taking fees. So why are the cloud security videos on the website? Make a free playlist on YouTube. They won't be banned
@mehulverma9496 2 years ago
I want to correct a mistake, sir: you specified preinstall : index.js; instead of this we should have written preinstall : node index.js to run the script
@savageboi1058 1 year ago
Thanks for this, bro... but I have one confusion: the burpcollaborator link that was put in will expire, won't it, so can we put * in its place? Please reply
@UsamaAli-kr2cw 1 year ago
@@savageboi1058 Hey brother, if the code were selecting the attacker host on the basis of a regex, then the hit would go to every person who has a collaborator open.😂😂😂😂
@UsamaAli-kr2cw 1 year ago
@@savageboi1058 Use your own VPS instead of burpcollaborator.
@souravchakraborty3872 2 years ago
Bro, this can happen on WordPress too, right?
@souravchakraborty3872 2 years ago
@MR SHERI HACKER what would the steps for that be?
@Xpl0itme921 2 years ago
I reported the same vulnerability and all were closed as N/A 🙄🥺
@mehulverma9496 2 years ago
You should first wait for a pingback on your interactsh or collaborator
@Xpl0itme921 2 years ago
@@mehulverma9496 Did you get any? If you did, tell me, bro 🥹🥹
@mehulverma9496 2 years ago
@@Xpl0itme921 I got one today
@Xpl0itme921 2 years ago
@@mehulverma9496 On which platform, HackerOne or Bugcrowd?
@mehulverma9496 2 years ago
@@Xpl0itme921 Hackerone
@moinkhokhar1897 2 years ago
Brother, 5 of my RCEs got rejected via this same method. The company says, "We don't know this, you have installed the wrong package, how is it our fault," even though on their system, when I run root commands, whoami and other things, they run, and it is happening from their PC too. In 5 minutes my package has been downloaded 400 times, yet the company still doesn't accept it 🤣🤣🤣🤣🤣
@Xpl0itme921 2 years ago
Same here, but one program has given me a bounty
@nerajjha2875 2 years ago
Brothers, I want to say that I am happy today. I got a bounty on the same bug today, but I have never been arrogant about it
@Xpl0itme921 2 years ago
@@nerajjha2875 How much was the bounty you got?
@itinsider22 2 years ago
@@Xpl0itme921 How much bounty did they give??