SQLite Blind SQL Injection - HackTheBox Cyber Apocalypse CTF

  Рет қаралды 72,294

John Hammond

John Hammond

Күн бұрын

Пікірлер: 96
@justincrowl1629
@justincrowl1629 3 жыл бұрын
Most of the time you get a video by an old pro that knows the answers, or somebody that edited it to appear better than they are. I personally learned far more watching you stumble your way to a solution and working through the logic. This is gold, and you earned yourself a subscriber! Keep 'em coming
@ralphy3393
@ralphy3393 3 жыл бұрын
Agree!!!
@mkevilempire
@mkevilempire 3 жыл бұрын
Could you point to one of those videos with some old pro who knows the answers? :)
@justincrowl1629
@justincrowl1629 2 жыл бұрын
@@mkevilempire John is a pro that knows the answers. However he walks through it in more depth than hitting F12 and saying "there it is! That's the vulnerable code". And then running the script he knows will exploit it and saying "there ya go". Some people are just born teachers. Tomnomnom is another person that I feel is a natural teacher. Some people got it some people don't.
@MyurrDurr
@MyurrDurr 3 жыл бұрын
Watching it gradually print out the flag was like watching a hacker scene in a movie :')
@NeXXyD
@NeXXyD 3 жыл бұрын
Awesome video as always! :D // TOOD: Replace all TODO's for TOOD
@PhilAlbu
@PhilAlbu 3 жыл бұрын
TOOD! 😀
@simplysurvival6115
@simplysurvival6115 2 жыл бұрын
As a total noob, that was incredible to watch. Seeing you work that out logically was so helpful in showing the type of thought process it takes. Thank you
@jannikmeissner
@jannikmeissner 3 жыл бұрын
Such a great video again! Despite me wanting to scream at you sometimes, but you noticed all of it on your own.
@neui6997
@neui6997 3 жыл бұрын
Well that’s pretentious
@jannikmeissner
@jannikmeissner 3 жыл бұрын
@@neui6997 haha, I guess it came across differently - I am learning way more than I would have known, but some things are easier to pick up as a viewer and/or with a different perspective, so obviously there are those "why don't you try X" moments - but I probably wouldn't get to those places on my own (last time I actually worked on offensive security was 13 years ago, in which there is a six year period in which I didn't write a single line of code in any language before I got back to a more technical role now)
@almostanengineer
@almostanengineer 3 жыл бұрын
I don't know about want to scream, some of us actually started shouting at the screen.
@jonathanblomberg
@jonathanblomberg 2 жыл бұрын
This is like magic, didn't understand a single thing but enjoyed every second of it.
@RedHeadWolf117
@RedHeadWolf117 3 жыл бұрын
Thanks! I need to get into this! At the moment I'm a SOC analyst. I've ran into your articles on Huntress Security while reading about things while I'm solving/researching events! So thank you for that. :D
@ahoustonpsych
@ahoustonpsych 3 жыл бұрын
Hey John, I'm a relatively new viewer (started getting your videos recommended a month ago). I wanted to share my thoughts on videos like this. For reference, I'm 27 and have delved into programming mostly as a hobby. I've never done anything like the challenges* you post about, but I'm absolutely enthralled by them I'm a SUPER huge fan of the kind of live, mostly-uncut reverse engineering you've been doing in this video and others. I feel that you're genuinely adding something to the huge wealth of content that's out there. Everything from the way you conduct yourself in the video, to the way you explain little details, to the way you spend time googling something real quick to figure something out, to your personality and sense of humility, is absolutely perfect. I have almost zero actual criticisms. You're extremely personable and I find it extremely easy to relate to you as a person in a video like this (as in, your train of thought is very similar to my own, and you end up having a lot of the same questions that I have). You're very good at explaining your thought process: it's always clear where you are and what you're doing, what you're about to do (mostly), and what you've done already, and it's very easy to follow and understand you. The live element is phenomenal, and I'm genuinely looking forward to future content from you. Thank you for taking the time to make these videos! * I'm talking about any of the live stuff you do. Challenges, malware analysis, etc. They're all gold.
@JohanSteyn777
@JohanSteyn777 3 жыл бұрын
I really like the fact that I could follow your thought process while unpacking each section of code. The video isn't edited to show less, it just jumped twice to what was already explained and bound to happen because the statement syntax was now correct. Thanks to my friend Machiavelli for recommending this video.
@elidexterdiaz
@elidexterdiaz 3 жыл бұрын
good master..every video we learn.. nothing script kiddies..pure knowledges..thanks a lot for teaching us.
@shuttlecrab
@shuttlecrab 2 жыл бұрын
This was super freaking interesting. Blind injection is quite a weird one to me and couldn't wrap my head around some of the reading I've done, this opened my eyes to the possibilities of blind injection and what can be done, thank you very much
@Topherelius
@Topherelius 3 жыл бұрын
Super awesome! I really enjoy palling around with you on challenges. I'm learning a lot about the critical thinking of try, fail, try something else instead of getting bogged down in an endless loop of my own making. Thanks a bunch John!
@AjitemSahasrabuddhe
@AjitemSahasrabuddhe 3 жыл бұрын
Wow! This is one of the most amazing videos that I've ever seen.
@59TheLouis
@59TheLouis 3 жыл бұрын
The character messing up things wasn't the &,#,% or the others, it was the ' haha. You printed the message at the end of the loop so it threw the error before getting to the message (you can see the faulty char right before the exception at 27:49 when you print the char at the beginning of the loop). It does make sense too because you surround the char you're trying with single quotes. Anyway good video
@yovelspike
@yovelspike 3 жыл бұрын
nice eye, I wouldn't have seen that without your comment. That attention to detail looks like a skill I would like =D
@59TheLouis
@59TheLouis 3 жыл бұрын
@@yovelspike haha thanks, gotta catch them bugs ;)
@nothingnothing1799
@nothingnothing1799 3 жыл бұрын
For anyone wondering the song at the end is fearless by lost sky. Also great video like everyone else I was screaming END
@jhbonarius
@jhbonarius 3 жыл бұрын
I was literaly shouting "END!" At the screen 😫
@nandobordas
@nandobordas 3 жыл бұрын
Glad to know I wasn't the only one. 🤣
@lobley2
@lobley2 3 жыл бұрын
He got there in the…. END
@Kiiib4
@Kiiib4 3 жыл бұрын
Great to watch someone being able to script this. :D I literally had to semi-brute the table and the flag using BurpSuite Intruder because I horribly suck at automating stuff like that. Took me 45 Minutes to get it done.
@justkiddieng6317
@justkiddieng6317 2 жыл бұрын
WOW that logic. also that gradually printing the flag amazed me. wow bro
@bobbyaguirrejr3491
@bobbyaguirrejr3491 3 жыл бұрын
Idk why but this was fun to watch. A lot of aha moments for me. Thanks man
@yaakovkrakowich4563
@yaakovkrakowich4563 3 жыл бұрын
Same here, I'm loving your channel so far✌
@avikkarmakar7997
@avikkarmakar7997 3 жыл бұрын
John makes every hard question human-doable :-). it was really fun. I really struggled at this one
@jacopocaira5199
@jacopocaira5199 3 жыл бұрын
I learn a lot wtchig your videos, you're really good, i'm you're sub now, amazing work John!!
@mossdem
@mossdem 3 жыл бұрын
Lovely timing. Needed this after a stressful day! Great video
@koussayhajkacem287
@koussayhajkacem287 3 жыл бұрын
The END JOHN, the END! That's what I figured out from the challenge...
@rntr200
@rntr200 3 жыл бұрын
Keep them coming these are great! Good job
@jsmrdck
@jsmrdck 3 жыл бұрын
Thank you John, very encouraging.
@Joel-gf4zl
@Joel-gf4zl 2 жыл бұрын
Definitely gives more knowledge than throwing it at sqlmap.
@McTavish1234567890
@McTavish1234567890 3 жыл бұрын
Nice video! Learned alot watching you
@PreetisKitchenltr
@PreetisKitchenltr 3 жыл бұрын
Thats cooooooool 🔥🔥
@Timooooooooooooooo
@Timooooooooooooooo 3 жыл бұрын
Love this 👍
@aspiringpentester9347
@aspiringpentester9347 3 жыл бұрын
impressive loving the vidz man
@Westar.
@Westar. 3 жыл бұрын
Love these code review challenges
@MyuzikuNouto
@MyuzikuNouto 3 жыл бұрын
That was dope!
@abhinavgamercr1419
@abhinavgamercr1419 3 жыл бұрын
Hi John sir big fan new in your channel !
@julesl6910
@julesl6910 3 жыл бұрын
That was great, thank you so much!
@georgehammond867
@georgehammond867 3 жыл бұрын
Very nice ...Dumps-Up!
@hahab
@hahab 3 жыл бұрын
Great video!!!
@lobley2
@lobley2 3 жыл бұрын
While watching this video, with my limited knowledge of sql injection I was wondering if it would be a lot easier to just stick a semicolon into that order by input to allow you to end that sql statement and start a new one, enabling you to put in whatever you want… but I did eventually realize the code running the sql query is outputting whatever is returned by the FIRST statement, so any sql you could run after that first statement would *probably* be useless if the end goal is to leak data. (however would still be useful if your end goal was to destroy data or something like that)
@krlst.5977
@krlst.5977 3 жыл бұрын
Great video i had a good time. Thx
@oschvr
@oschvr 3 жыл бұрын
Awesome !!
@rebootlinux608
@rebootlinux608 3 жыл бұрын
I love your content bro.👍
@SecurityTalent
@SecurityTalent 2 жыл бұрын
Great bro.
@abulaman8713
@abulaman8713 3 жыл бұрын
Man watching that flag coming thru almost was like magic ❤️
@lterego
@lterego 3 жыл бұрын
This was a fun problem. Solved it using the BurpSuite during the challenge... then got ashamed and went back and made a nice python script. Aliencamp was another fun emoji challenge :)
@florentwinamou6650
@florentwinamou6650 3 жыл бұрын
you're the man....
@popooj
@popooj 3 жыл бұрын
need look some more into blind sqli... but always a blast !
@shubhamnailwal3561
@shubhamnailwal3561 3 жыл бұрын
You are awesome
@hackingismylife2167
@hackingismylife2167 3 жыл бұрын
Hello sir your videos rellay helpfull for beginner
@UZBANONS
@UZBANONS 3 жыл бұрын
Good Luck bro
@blazi_0
@blazi_0 3 жыл бұрын
Wow bro this was cool
@bech2342
@bech2342 3 жыл бұрын
now it's time to learn how to make a blind injection with less requests 🙈 well done.
@nothingnothing1799
@nothingnothing1799 3 жыл бұрын
Considering how the flags are structured he could check vowels first then constants by their commonality in words, but other then that you risk missing a character
@krishanuchhabra
@krishanuchhabra 3 жыл бұрын
Awesome
@xiam.
@xiam. 2 жыл бұрын
so cool
@_CryptoCat
@_CryptoCat 3 жыл бұрын
😻
@Synapse-id6ej
@Synapse-id6ej 3 жыл бұрын
Great video, but you should apply threading for the final part, much faster work
@azelbane87
@azelbane87 3 жыл бұрын
A MA ZI NG as usual 👏🤣👌🏽👍🏿👏
@tg7943
@tg7943 3 жыл бұрын
Push!
@custume
@custume 3 жыл бұрын
good video
@LilPozzer
@LilPozzer 3 жыл бұрын
бРАВО, Маэстро!
@kaylubhsu8934
@kaylubhsu8934 20 күн бұрын
Wouldn't using SQLmap be much faster?
@NoTengoIdeaGuey
@NoTengoIdeaGuey 2 жыл бұрын
Gotta love the moment where I'm yelling "END....ENDD...END...it needs an END" at my screen. I know for a fact if someone were to record me coding there would be probably 5x as many instances of me freaking out over what went wrong when it's just some silly syntax error i forgot to copy from the documentation lmao.
@HitemAriania
@HitemAriania 3 жыл бұрын
21:37, how long was the break? :) awesome work tho mister! really great stuff!
@ca7986
@ca7986 3 жыл бұрын
❤️
@mjtonyfire
@mjtonyfire 3 жыл бұрын
Your brain. Your damn brain. KUDOS!!!
@ayush_panwar1
@ayush_panwar1 3 жыл бұрын
Hi , we need a live session , also love from india
@johnsnow1062
@johnsnow1062 3 жыл бұрын
Cool
@neiltropolis
@neiltropolis 3 жыл бұрын
More Rick and Morty please! Oh wait, wrong guy
@LinuxJedi
@LinuxJedi 3 жыл бұрын
why does your sublime text instantly update to executable?
@devil874
@devil874 3 жыл бұрын
you could have also done it with a time based subselect ;D
@gametech9649
@gametech9649 3 жыл бұрын
Anyone tell me wht all the programming Lang I need to know for hack the box and anyone tell where to learn hacking
@CrossDeMilo
@CrossDeMilo 3 жыл бұрын
i BLAME YOU for The Sleepless Nights, lol jpjp,watching ur videos lol
@ko-Daegu
@ko-Daegu 3 жыл бұрын
Where’s printable car in your python script used ??? How does python knows hay I should print only these char ???
@hrisikeshroy9976
@hrisikeshroy9976 3 жыл бұрын
Where to learn ctf and htb
@aryankumar3356
@aryankumar3356 3 жыл бұрын
Hi Sir Help Me i want to know best book to learn reverse engineering from zero to advance..... Plzz help Thanks
@nandobordas
@nandobordas 3 жыл бұрын
The END, John. THE END. That's it, that's the comment.
@justknot4481
@justknot4481 3 жыл бұрын
alocate object types to object class?🙂👻
@jeezboi5079
@jeezboi5079 3 жыл бұрын
Hilson thapa Bernhardt
@connected0x00
@connected0x00 3 жыл бұрын
subtitle?
@Maybehassanawad
@Maybehassanawad 3 жыл бұрын
I NEED MALWARE VIDEOS
@Heavenig
@Heavenig 3 жыл бұрын
Any biafran here?
@haroldgreenhalgh9942
@haroldgreenhalgh9942 2 жыл бұрын
in the real world you dont have all the code to look at
@alientubeGalaticfederation
@alientubeGalaticfederation 3 жыл бұрын
guy says hes a hacker expert doesnt even know case statements, damn must be pro walk thru then do the hack.... lol
@OMER3-1-3
@OMER3-1-3 2 жыл бұрын
@jorgevilla6523
@jorgevilla6523 3 жыл бұрын
Great video!!
XML Object Exfiltration - HackTheBox Cyber Apocalypse CTF "E. Tree"
28:13
Cloudflare CDN CSP - XSS Bypass / HackTheBox Cyber Apocalypse CTF
40:49
КОНЦЕРТЫ:  2 сезон | 1 выпуск | Камызяки
46:36
ТНТ Смотри еще!
Рет қаралды 3,7 МЛН
-5+3은 뭔가요? 📚 #shorts
0:19
5 분 Tricks
Рет қаралды 13 МЛН
Почему Катар богатый? #shorts
0:45
Послезавтра
Рет қаралды 2 МЛН
Blind MongoDB NoSQL Injection - HackTheBox Cyber Apocalypse CTF
19:11
IFrame Parent XSS - HackTheBox Cyber Apocalypse CTF
32:03
John Hammond
Рет қаралды 73 М.
Plundering AWS S3 Buckets - HackTheBox
1:04:04
John Hammond
Рет қаралды 75 М.
OAuth 2.0 and OpenID Connect (in plain English)
1:02:17
OktaDev
Рет қаралды 1,8 МЛН
Gitlab LFI to RCE - HackTheBox "Laboratory"
1:13:44
John Hammond
Рет қаралды 117 М.
Ansible 101 - Episode 1 - Introduction to Ansible
1:03:43
Jeff Geerling
Рет қаралды 560 М.
Pentesting Diaries 0x1 - SQL Injection 101
1:20:01
HackerSploit
Рет қаралды 35 М.
HackTheBox - OnlyForYou
45:16
IppSec
Рет қаралды 14 М.
HTTPS, SSL, TLS & Certificate Authority Explained
43:29
Laith Academy
Рет қаралды 147 М.
КОНЦЕРТЫ:  2 сезон | 1 выпуск | Камызяки
46:36
ТНТ Смотри еще!
Рет қаралды 3,7 МЛН