TryHackMe - Advent of Cyber 2024 - Day 12 Walkthrough

  Рет қаралды 12,034

Tib3rius

Tib3rius

Күн бұрын

Пікірлер: 84
@JosephBrady-u8c
@JosephBrady-u8c 10 күн бұрын
For the past 2 AoCs, your videos have been the best. You add a ton of value to the lessons they provide, thanks for going in depth and thanks for making these walkthroughs.
@Tib3rius
@Tib3rius 10 күн бұрын
Thanks! Appreciate the kind words.
@DaniSpeh
@DaniSpeh 11 күн бұрын
And again Tib3rius explained the topic exceptionally well, going above and beyond by not just covering the basics but also diving into the 'why' and 'how' behind it. His videos are always so informative, and the streams are especially great for learning. Keep up the amazing work!
@Tib3rius
@Tib3rius 11 күн бұрын
Thank you!
@Jussi-s5n
@Jussi-s5n 5 күн бұрын
Incredible clarity and simplicity in your teaching, yet packed with detailed information on all the essentials. Thank you for this. I'll definitely check out what other content you've created!
@Tib3rius
@Tib3rius 4 күн бұрын
Thanks, hope you enjoy!
@santhoshurs8213
@santhoshurs8213 4 күн бұрын
No other youtuber had explained any task like u did.. understood every small details.. very well explained.
@Tib3rius
@Tib3rius 4 күн бұрын
Thanks! Always enjoy doing these walkthroughs!
@Ox8jOrn4r8Or93
@Ox8jOrn4r8Or93 2 күн бұрын
Great walkthrough Tib3rius. Keep up the good work!
@Tib3rius
@Tib3rius 2 күн бұрын
Thank you!
@c0ri
@c0ri 11 күн бұрын
Nice to see you doing one of these Tib3rius! I've been following your walkthroughs for a few years now. You always go the extra mile and explain all the details.
@Tib3rius
@Tib3rius 11 күн бұрын
Thank you!
@T-Rex0711
@T-Rex0711 9 күн бұрын
I'm so glad I watched this video in addition to reading the room. Your explanation of last byre sync with wireshark was great
@Tib3rius
@Tib3rius 9 күн бұрын
Glad it helped!
@vixytech_cybersecurity
@vixytech_cybersecurity 11 күн бұрын
I enjoyed every byte of this video. Well-done and Thank you. Well explained.
@Tib3rius
@Tib3rius 11 күн бұрын
Thank you!
@KaungKhant-yz8nd
@KaungKhant-yz8nd 10 күн бұрын
This walkthrough is special.... I couldn't help to close my mouth wondering every details your are explaining.. Thank you
@Tib3rius
@Tib3rius 10 күн бұрын
Thank you!
@WhiteHat-1337
@WhiteHat-1337 18 сағат бұрын
Masterpiece! I need to re-watch it... Thank you!
@Tib3rius
@Tib3rius 18 сағат бұрын
Thank you for watching!
@camerawman
@camerawman 11 күн бұрын
Saved some time by going through this walkthrough . Thanks for this
@Tib3rius
@Tib3rius 10 күн бұрын
You're welcome!
@monsolympus7823
@monsolympus7823 Күн бұрын
This is a top tier video.
@Tib3rius
@Tib3rius 19 сағат бұрын
Appreciate the kind words!
@wassimmariamable
@wassimmariamable 11 күн бұрын
Thank you for that. I just learnt something very new to me. Well done Tib3rius. Do you have any videos on Burpe Suite?
@Tib3rius
@Tib3rius 6 күн бұрын
I have a web app hacking playlist that contains a few videos on Burp! kzbin.info/www/bejne/g5OUmayciruSorc But also check out my live streams, we use Burp a lot. I stream most Mondays and Wednesdays, and you can find the recorded streams on the Live tab of my channel!
@madara55655
@madara55655 2 күн бұрын
amazing walkthrough
@Tib3rius
@Tib3rius 2 күн бұрын
Thank you!
@gamehacks5814
@gamehacks5814 4 күн бұрын
you are better than these other plebs, best walktrough!
@lynettestevenson6406
@lynettestevenson6406 11 күн бұрын
Thanks! I loved the additional information, like showing us Wireshark as well.🙂
@Tib3rius
@Tib3rius 11 күн бұрын
Thanks! Glad you enjoyed!
@KumManish
@KumManish 11 күн бұрын
Ah thanks Man ! Your videos are always with a superb quality 🐳
@Tib3rius
@Tib3rius 11 күн бұрын
Thank you! Love making them for y'all!
@mohammadhosein77
@mohammadhosein77 7 күн бұрын
Thank you so much for amazing contenet!
@Tib3rius
@Tib3rius 7 күн бұрын
Glad you enjoy it!
@Dr4hcir
@Dr4hcir 10 күн бұрын
Very informative video. Great work, thanks!
@Tib3rius
@Tib3rius 10 күн бұрын
Thank you!
@sridharjayadavan7979
@sridharjayadavan7979 11 күн бұрын
Hi, Your explanation is awesome and i could able to understand the last byte syn. Thank you.
@Tib3rius
@Tib3rius 11 күн бұрын
Glad to hear it!
@Lahmikhara
@Lahmikhara 11 күн бұрын
While the challenge was pretty easy, even for a beginner like me. This video really added a lot of value. I loved how you went into detail explaining how this attack works. Thank you
@Tib3rius
@Tib3rius 11 күн бұрын
Thanks!
@alienboy689
@alienboy689 2 күн бұрын
First time I've really had Burp explained so well 🐥
@Tib3rius
@Tib3rius 2 күн бұрын
Thank you! 🙏
@faheema4602
@faheema4602 6 күн бұрын
Sort of up, above & around then scroll down 😂 Last-Byte Syn Attack Explanation 👌
@Tib3rius
@Tib3rius 6 күн бұрын
If there's a feature which temporarily disables the changing highlighting, I wanna know about it. 😅
@TheRealVegapunk
@TheRealVegapunk 11 күн бұрын
Yippie!! It's Tib3rius day 😃
@Tib3rius
@Tib3rius 11 күн бұрын
🥳
@PeteShearer
@PeteShearer 11 күн бұрын
I don't know how to react to Tib3rius videos when I don't get to watch a marble race before the meat of the video 😆 Thanks for giving back and sharing your knowledge with everyone.
@Tib3rius
@Tib3rius 11 күн бұрын
🤣 we will do marble racing on the next stream for sure!
@zigaudi
@zigaudi 11 күн бұрын
Great video and explaination.
@Tib3rius
@Tib3rius 11 күн бұрын
Thanks!
@salmakhaled500
@salmakhaled500 2 күн бұрын
amazing explanation appreciate it
@Tib3rius
@Tib3rius 2 күн бұрын
Thanks!
@atharvavlogs1446
@atharvavlogs1446 11 күн бұрын
Awesome video.
@Tib3rius
@Tib3rius 10 күн бұрын
Thank you!
@dawiddym2387
@dawiddym2387 11 күн бұрын
oh yeah Tib3rius the Goat :D
@Tib3rius
@Tib3rius 11 күн бұрын
🥹
@JohsonClint
@JohsonClint 9 күн бұрын
this a lots of information
@lukerzonca5754
@lukerzonca5754 9 күн бұрын
How would you go about getting code to determine if a race condition is possible on a real web app? I know it's provided here to help learn, but is it just a guess and hope it works in a real world scenario, or are there more effective ways to see what the code is doing?
@Tib3rius
@Tib3rius 9 күн бұрын
Great question! Yeah, on a real engagement you are unlikely to have access. It's more about noticing the potential for race conditions in functionality and setting up the conditions where an attack might work, then testing to see if it does.
@shivamnaik7857
@shivamnaik7857 10 күн бұрын
Hi what does:Where balances shift and numbers soar, look for an entry - an open door! mean? what should we look for?
@Zdenon133
@Zdenon133 11 күн бұрын
There is an issue with last task (glitch account). When I duplicated the tab from the previous task and swapped the cookie session, account number and amount for proper values, the Balance went to 0, but no flag was provided.
@Tib3rius
@Tib3rius 11 күн бұрын
I would go join the TryHackMe discord where someone from support should be able to help. Alternatively try resetting the box and trying the attack again with the actual request instead of swapping out values etc.
@Zdenon133
@Zdenon133 11 күн бұрын
​@@Tib3rius Thanks! I wanted to check if it was actually possible. If I were to provide a higher value than 2000 and go below 0, the flag might appear. Unfortunately, in this scenario, I'm also unable to duplicate requests, as the balance cannot process more transactions when it is 0. :D
@Tib3rius
@Tib3rius 11 күн бұрын
Ah I understand what you mean now. Yes, if the balance is at $0 before you start the last-byte-sync attack, it won't work. This is due to a check in the code (see the code review section in the video). If the balance is > $0 however, the attack should be successful!
@Zdenon133
@Zdenon133 11 күн бұрын
@@Tib3rius Ohhh... I think i should get a new pair of glasses :D "over" 2000 :D well nvm then :D Thanks !
@mecyber6316
@mecyber6316 11 күн бұрын
in the task is says send OVER 2000$. and i did as told to do and me end up not getting the flag. how to refund glitch account?
@Tib3rius
@Tib3rius 6 күн бұрын
You can't refund the account as far as I'm aware. You need to reset the machine. I believe to trigger the flag you need to use the exploit like I did in the video. You probably need to make the end balance -$2000 or something.
@newfaith912
@newfaith912 11 күн бұрын
Great it does not work for me. Luckly devs that made code dont check if i transfer 1000 than 2000 so it goes to negative anyway. Cheese way to get flag but i just cant replicate attack. It does 10 requests i get 10 response and only first gets processed. Did same with attackbox and it worked. Now i have even less clue why it didnt work on my personal vm.
@Tib3rius
@Tib3rius 11 күн бұрын
Weird! Yeah not sure why it won't work on your personal VM. Interesting cheese, I thought the code did prevent that, but maybe I misread it. 🤔
@heybevis01
@heybevis01 11 күн бұрын
Aww you gotta give him that TOCTOU
@Tib3rius
@Tib3rius 7 күн бұрын
Can I steal this for a sticker? 🙏🥹
@digvijaynetke9805
@digvijaynetke9805 11 күн бұрын
turbo intruder not installing
@Tib3rius
@Tib3rius 11 күн бұрын
Can you access the Internet from the Attack Box? If you aren't subscribed to TryHackMe I think the Attack Box is limited. Not sure if the same is true for AoC though.
@eliyartursun
@eliyartursun 11 күн бұрын
Try "Last-Byte Sync in Action!" It is fast and better with the grouping, and it will help you find the flag.
@Tib3rius
@Tib3rius 11 күн бұрын
@@eliyartursun in the video I compare last byte sync to Turbo Intruder. I think they are trying to replicate that.
@MannerStyles
@MannerStyles 7 күн бұрын
liked/subbed/followed/incredible
@Tib3rius
@Tib3rius 7 күн бұрын
Thank you!
@Zelousfear
@Zelousfear 11 күн бұрын
Thoughts
@Tib3rius
@Tib3rius 11 күн бұрын
Thank you for following instructions. 👍
@JosiahAyogu
@JosiahAyogu 8 күн бұрын
Wow😮
@nikkirawal3822
@nikkirawal3822 11 күн бұрын
Im the first Thnx for the Video 👍🥰
@Tib3rius
@Tib3rius 11 күн бұрын
You're very welcome! Hope you're enjoying the event!
@ACatttttt
@ACatttttt 11 күн бұрын
thanks for to me. for you see i have no eyes
TryHackMe - Advent of Cyber 2024 - Day 23 Walkthrough
11:12
Tib3rius
Рет қаралды 3,9 М.
Cat mode and a glass of water #family #humor #fun
00:22
Kotiki_Z
Рет қаралды 42 МЛН
Что-что Мурсдей говорит? 💭 #симбочка #симба #мурсдей
00:19
It works #beatbox #tiktok
00:34
BeatboxJCOP
Рет қаралды 41 МЛН
The Best and Worst Cyber Security Certificates 2025 (HUGE Update)
39:46
UnixGuy | Cyber Security
Рет қаралды 36 М.
Advent of Cyber Day 15: Crash Course on Active Directory
31:35
Noob Village
Рет қаралды 11 М.
Hackers Who Get Paid to Hack Companies | Short Documentary
15:39
Understanding ⛔️403 Bypasses⛔️ (With Examples)
13:07
NahamSec
Рет қаралды 23 М.
Which Platform Is Better: TryHackMe or Hack The Box?
9:59
Tyler Ramsbey || Hack Smarter
Рет қаралды 9 М.
Bruteforce WiFi WPA2 with GPU
35:06
David Bombal
Рет қаралды 76 М.
TryHackMe | Advent of Cyber 2024: Day 20 (Traffic Analysis)
21:10
Advent of Cyber Day 19: Game Hacking with Frida - Unlocking Secrets!
18:27
Cat mode and a glass of water #family #humor #fun
00:22
Kotiki_Z
Рет қаралды 42 МЛН