So what you're saying is... We should stalk CTF organizers (and their social feeds) for insight on challenges? Now that's proper social engineering!

> make xss auditor to prevent XSS attacks > hackers use the xss auditor to do xss attacks > shocked_pikachu.jpg

More than 3/4 of your video went over my head. Still, it's an interesting one and I have tons to google xD

watching this made me realize how close I was when time ran out. great challenge and cool video

*zajebiste*

I saw some tricky XSS attacks but this one is next level in terms of creativity :D Also this is another example of Chrome XSS Auditor gone wrong. In my opinion XSS Auditor should be removed - the developer should be responsible for sanitizing user input properly because he knows the context of his application, not the browser.

awesome as always, the moving pointer while you explain xssearch function is super useful, thanks!

If you just had to brute force a search, wouldn't a chrome extension that adds code to the search page do the job (no worries about cross site issues then)? I once used a similar technique to create a list of thousands of email addresses by entering a partial UK postcode into a search, instead of having to do it manually (still took a while and had to manually deal with captcha's)

how did u know the first part of the flag? i.e '35' or '35c3' ? If u already knew that, then u already had got the flag at this point 6:27. so why build a whole new script for checking that?

This is probably a stupid question; but 2:15, was the name used to generate the session ID? As in; using the same name generates the same session ID? EDIT: 5:37 nevermind :)

Can u share like a book or source to make u understand about browser protocols

I remembered someone talked about it in his videos but could not remember who that was. Really cool tricks btw.

Is it somehow possible to play those challenges even after the CTF event is over? Would like to try it out myself before watching your video :D

Q: What effect does the hash(#leak or #test) have on server response? or it is catched by browser?

Hey it's up! Cool to see the process and what goes into just one video.

11:24 "pretty simple, right?" mad respect for him getting to this.

Q: How is it possible he found out letter after letter in (left2right) order if the serverside search condition is: if 'query' in FLAG: It would make sense if the condition was FLAG.startsWith(q) || iterating the FLAG by index A: u don't see the real flag you only get indication that it exist.. assuming the flag was "ABC" it would take 6 attempts Attemp #1, sending "A" = exists #2 AA = nope #3 AB = yes #4 ABA = nope #5 ABB = no #6 ABC = success hope it's not case sensetive

humble and informative and a great guy

Hey there, I recently watched your SIM card video and since I just heard of eSIM, I wondered if you could do a video on that. I imagine it has a lot more vulnerabilites than the standard sim.

Great video once again, awesome work!

Why couldn't you just determine whether a query is an error or not by the response code length? Since the response error is always the same length wouldn't it be easier and quicker? Also why not use python for that script? Was the a must?

Must admit, I didn't follow how the xss attack was required to detect the presence/absence of particular code in the returned page. Is it something to do with the search - if you searched for "35" in the regular webapp would it not show the flag amongst other files?

Which editor (colorscheme) are you using, ~10min

Q: what do i need to do/read to understand this video?

can we just brute force all possible queries from normal url loading and check if there is flag ...

I was so confused becose there was 35c3 ctf junior for begginets right?

wait am i missing something? why isnt just checking if the page has a script tag enough to detect if the search query was successful? no need to go trough an and make it crash right?

its early in the morning so my concentration might have lapsed, but as far as i understand the flag is publicly searchable if you know the name? so the webscrapy thing to do would be to send search queries like the hack solution, but then simply check the length. The reply is far longer (due to length of the javascript part) if the searchquery hit, so the inducing of XSS_auditor error page seems overkill to me. or did i miss something?

Did you get a new recording setup or mic?

Great content!

Great video (already)!

Awesome video :)

Just wow 😍

why not just load some kind of browser rat and then just proxy the traffic from our browser to the "admin" browser and do the search manually and just get the flag

Good stuff

why did u have to brute force it, i mean ifu enter any char that is.part of the flag u get the flag. I might be missing something

So it gives a different response if there's a matching file even if you don't have access to it?

awesome sir

How did the web app react to duplicate session cookies? If it accepts duplicate cookies and the right one takes precedence you might be able to perform a session fixation / login csrf attack from *.appspot.com if you can control a subdomain to it, either by signing up for service or if there is an XSS anywhere on appspot.com, which should not be too hard to find. Take a your own session cookie value and via an XSS on *.appspot.com run: "document.cookie='session=YOURSESSIONIDVALUE; domain=.appspot.com';" impose it on the the victim (CTF box). In your session (shared by victim) create a file with a (self-)XSS that should make the CTF client leak its own session cookie (httponly isn't set) when it is opened in origin filemanager.appspot.com instead of the origin of your XSS on subdomain; or alternatively write javascript to delete the duplicate session cookie on the victim side and some more code to the leak the flag from the original session running your xss on the ctf browser.

Why do you have a sticker of the workers party of Korea flag on your laptop in your profile pic?

So basically at the end of the day this was sort of a social engineering challenge :D

Great video, as always! I am wondering why you always use Chrome. There are also other browsers (Firefox, Opera, Safari). You should also look them and try to find and report their bugs.

why didnt we just try every letter of the alphabet until we find the flag? it DOES find multiple characters, right? maybe you would get a WR fastest ctf challenge solved within 9 seconds, 7 seconds, maybe even 5?

what is the name of ur music. I'm in love with it.

Need more research before diving straight into CTF hell holes. Noted

Hi LiveOverflow, I am trying to access raspberry pi, which is behind a Nat ‘ed network from internet without port forwarding and third party website. The functionality I am looking is something like what dataplicity.com is doing. I am noob to networking and python. But have strong coding knowledge with Microsoft .net and Angular 2 and higher. I would like to host my own website with this functionality. Could you please help me with this? Aslo dataplicity’s client agent can be found at github.com/wildfoundry/dataplicity-agent

Good to know... Thanks for the video

Nice vid

Next time I'll try too

This is so complex!

i dont understand a single word :D lots to learn

How did you find the password when every user that you create has a different database of files?

If important security research is only available in twitter conversations then I would say that is the fault of the researchers for failing to publish their findings properly, not on other users for not staying up to date.

HOLLY SHIT BRO.. i feel like a real script kiddie now :(

This is some high level shit

i wish after one month in time i will be able to understand this

The thumbs up - as promised :-)

Which one is better? Django or Flask?

Who wants to do a CTF with me?

Duuuuuude, 2 midroll ads. On a 13 minute long video... uncool

Заебато челик раскладывает

So what's really the solution to any of these problems? Who has time to subscribe to like 50 different people on Twitter and watch as they re-tweet and re-post some random political bullshit 90% of the time to dig out the hidden gems? And is Google planning on fixing this issue?

I watch all of your videos But I don't understand shit

ok after all i just understood the word HTML :(

I didn't understand shit

Last

first