XSS on the Wrong Domain T_T - Tech Support (web) Google CTF 2020

Views: 52,964

LiveOverflow

Days ago

Comments: 103
@nyandesu9165
@nyandesu9165 4 years ago
"Or whatever, so no clue. But in the end, still solved it. Who cares." Every coder ever.
@xyzzyx182
@xyzzyx182 4 years ago
Overflow is gaining such a deep understanding of computers that he's becoming one. How long before he can't beat reCAPTCHA?
@WitherBossEntity
@WitherBossEntity 4 years ago
The endless reCAPTCHA looks about normal for when I use Tor.
@IAmOxidised7525
@IAmOxidised7525 4 years ago
Underrated comment..
@cat47
@cat47 3 years ago
ya lol, that's why I don't use it
@TheGrimravager
@TheGrimravager 4 years ago
Today I found a vulnerability in my job's codebase. Essentially arbitrary file deletion.. patched that real quick. I like to think your videos gave me the thinking patterns needed to be able to spot this vulnerability. Thank you!
@Lolo5
@Lolo5 4 years ago
Give some more details please :)
@TheGrimravager
@TheGrimravager 4 years ago
@@Lolo5 hmmm, no sorry :)
@ScorpioneOrzion
@ScorpioneOrzion 4 years ago
@@TheGrimravager what was the type of vulnerability, if you want to tell that.
@TheGrimravager
@TheGrimravager 4 years ago
@@ScorpioneOrzion essentially arbitrary file deletion due to a non-sanitized call to PHP's unlink function. But luckily most files were not writable by the user that would execute the PHP script
@NStripleseven
@NStripleseven 3 years ago
Nice
@zacksargent
@zacksargent 4 years ago
1:15 -> I think you did a bunch of those captchas wrong. When it says it wants the traffic lights, you selected the poles as well.
@heroslippy6666
@heroslippy6666 4 years ago
that feeling when the captcha thinks motorcycles and bicycles are the same thing.
@gyroninjamodder
@gyroninjamodder 4 years ago
That's because the poles have traffic lights on them
@konradw360
@konradw360 4 years ago
It's Google using the CTF players as free workers. If you want the flag, work 5 min for us :D
@Anonymous-vh6kp
@Anonymous-vh6kp 4 years ago
Konrad W correct
@abbb8615
@abbb8615 4 years ago
he's a robot
@1vader
@1vader 4 years ago
Your usage of Promises is ... interesting ... The purpose of Promises is exactly to avoid the nesting you are doing and that you would usually get when using callbacks. You can just do this: fetch("/flag").then(r => r.text()).then(t => fetch(...))
@akuviljanen4695
@akuviljanen4695 4 years ago
I think modern Chrome supports `await` in the console too
@TimLF
@TimLF 4 years ago
@@akuviljanen4695 only in an async function, as the exploit is not run in the console
@akuviljanen4695
@akuviljanen4695 4 years ago
Fortunately it's easy to wrap everything into an async lambda
@AtheistReligionIsCancer
@AtheistReligionIsCancer 4 years ago
Very good info.
@IBMboy
@IBMboy 3 years ago
Lol I did that too before learning how promises work
@RonFarkash
@RonFarkash 4 years ago
I recently started to learn some web application pen-testing, and a lot of the things here finally made sense for me, thank you for your detailed explanation.
@rishabhpant1828
@rishabhpant1828 4 years ago
Bro, I have been eagerly waiting for this for 1 week... As a newbie, I wanted the walkthrough. Thank you so much bro
@danielkrajnik3817
@danielkrajnik3817 3 years ago
1:30 that's a lot of dedication
@abadhaiku
@abadhaiku 3 years ago
Imagine being on the other end of this... You open up a ticket from a user and suddenly two little embedded windows open and your password is leaked
@AnPham-uz3td
@AnPham-uz3td 4 years ago
I think people with extensive knowledge about client-side would understand this haha
@barefeg
@barefeg 4 years ago
Testing for XSS in all fields of my page RN 😅
@Zuudo
@Zuudo 4 years ago
those nested Promise#then calls cause me pain 😶
@attention_shopping
@attention_shopping 4 years ago
great stuff, didn't know self-XSS was vulnerable in this way!
@Timooooooooooooooo
@Timooooooooooooooo 4 years ago
Me neither! This is very good to know
@warker_de
@warker_de 4 years ago
🤯🤯🤯... watching this for the 5th time
@imflo1060
@imflo1060 4 years ago
13:39, 2 seconds too long :'(
@AtheistReligionIsCancer
@AtheistReligionIsCancer 4 years ago
He should have sped up the intro just to make it fit.
@felchore
@felchore 4 years ago
Awesome video, thanks!
@KTibow
@KTibow 4 years ago
If you want to get through captchas faster, only check 3 boxes. No more, no less.
@kkaran6693
@kkaran6693 4 years ago
Where can I learn this stuff????
@IAmOxidised7525
@IAmOxidised7525 4 years ago
Try using promises .... that's what I thought when I saw timeouts...
@realyoutubekumar
@realyoutubekumar 3 years ago
that captcha tho...😅
@unknown-mh9fk
@unknown-mh9fk 4 years ago
You see, from doing CTFs and watching videos I was able to follow, I was like wow, I really learned a lot, I can follow this... until about 6 minutes in, then I was like -_- what
@hweissi
@hweissi 4 years ago
Hi, can you do a video writeup for the mathsh challenge from GoogleCTF? I have been searching for a writeup of that challenge since the end of the CTF. I worked on that challenge for many hours but couldn't clear it, and I would just want to know if I was on the right track.
@DHIRAL2908
@DHIRAL2908 4 years ago
PWN challenges please!!!
@WhiteBoiDave
@WhiteBoiDave 4 years ago
Could you get us deeper into SDR? Would be great!
@ManishShah-qk4lj
@ManishShah-qk4lj 3 years ago
Wow, amazing video, I love it, but I understand better in the Hindi language
@Zedoy
@Zedoy 4 years ago
Managarmr is so awkward to pronounce 😂😂😂😂
@Anonymous-vh6kp
@Anonymous-vh6kp 4 years ago
Manager Mr
@ChillerDragon
@ChillerDragon 4 years ago
Should be smoother if it's your teammate tho?
@TheRetsekShow2236
@TheRetsekShow2236 4 years ago
In your XSS, when you have typed "fetch('/flag').then( r => { ....." what is "r"? Is it the "response" of the fetch request?
@machinexa1
@machinexa1 4 years ago
idk much JavaScript, but probably r is a custom function, and so is t
@dennis-heinrich
@dennis-heinrich 3 years ago
Of course, it is the actual response if no error occurred in the (hopefully present) ".catch(err => { /** **/ })" function. developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch
@machinexa1
@machinexa1 3 years ago
@@malloc8634 nice
@jockillfull
@jockillfull 4 years ago
Have you played the CSAW? I saw team ALLES, it's yours right? How did it go?
@titiloxx
@titiloxx 4 years ago
If anyone has tried using CSRF, it does not work because the admin cannot change his address. Only normal users can. So you have to use some technique like preload, as this man did. Or just check document.referrer
@DawnnDusk-k4n
@DawnnDusk-k4n 4 years ago
Come on... Give me the next video, LiveOverflow!!!
@Channel-he5fr
@Channel-he5fr 2 years ago
Do you like John Hammond?
@zsin128
@zsin128 4 years ago
Why don't you use Firefox?
@LiveOverflow
@LiveOverflow 4 years ago
Why don't you use Chrome?
@zsin128
@zsin128 4 years ago
@@LiveOverflow it eats RAM (and is slower than Firefox on my PC)
@0xecho
@0xecho 4 years ago
@@zsin128 lol you're out here fighting about browsers, while I'm out here curling the page and imagining what it looks like in my head
@0xecho
@0xecho 4 years ago
P.S. I do not recommend that, not fun
@pipony8939
@pipony8939 4 years ago
Why don't you use Internet Explorer?
@soggytoast111
@soggytoast111 4 years ago
Are you sure that setTimeout actually does anything? I've run into issues before when trying to use setTimeout to control a data flow - it's still all executed instantly and doesn't work the same way as async/await/promise.
@laurinneff4304
@laurinneff4304 4 years ago
setTimeout, at least in my experience, works, but he should've used async/await or promises in this case
@pietrohideki
@pietrohideki 4 years ago
If you have some doubts or think you need some more insight on setTimeout, I suggest you search on YouTube for "what the heck is event loop anyway"; it's a video of around 26 minutes which gives a good insight into the event loop and how sometimes setTimeout is used in the wrong way. Hope this helps
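Two threads above make the same point from different angles: the Promise-chaining comment (return a promise from `.then()` instead of nesting, or wrap the steps in an async function) and the setTimeout thread (a timer does not pause the surrounding code). The block below is an added illustration written for this page; it is not code from the video, from LiveOverflow, or from any commenter. `mockFetch` is a constructed stand-in for the browser's `fetch` so the file runs offline in Node, and the paths and response bodies are made up for the demo.

```javascript
// Constructed sample "server": a fixed table of path -> body. Nothing here
// talks to a network; it only mimics the shape of fetch()/Response.text().
const responses = {
  "/step1": "first-body",
  "/step2?data=first-body": "second-body",
};

// Stand-in for fetch(): resolves asynchronously (via a timer) like a real
// response would, and rejects for unknown paths so the error path is testable.
function mockFetch(url) {
  return new Promise((resolve, reject) => {
    if (!(url in responses)) {
      reject(new Error("404 " + url));
      return;
    }
    setTimeout(() => {
      resolve({ ok: true, text: () => Promise.resolve(responses[url]) });
    }, 5);
  });
}

// Helper shared by all variants: the second request depends on the first body.
function secondUrl(firstBody) {
  return "/step2?data=" + encodeURIComponent(firstBody);
}

// 1. Nested .then() calls (the style criticised in the comments). It works,
//    but every dependent request adds an indentation level and errors have
//    to be handled separately at each depth.
function nestedStyle() {
  return mockFetch("/step1").then((r) => {
    return r.text().then((t) => {
      return mockFetch(secondUrl(t)).then((r2) => r2.text());
    });
  });
}

// 2. Flat chain: a promise returned from .then() is adopted by the chain, so
//    every step sits at the same depth and one .catch() at the end covers the
//    whole sequence (fetch failure, text() failure, or a thrown error).
function chainedStyle(start = "/step1") {
  return mockFetch(start)
    .then((r) => r.text())
    .then((t) => mockFetch(secondUrl(t)))
    .then((r2) => r2.text())
    .catch((err) => "fallback: " + err.message);
}

// 3. async/await inside an async function (the "wrap it in an async lambda"
//    suggestion): same sequence, read top to bottom, try/catch as usual.
async function awaitStyle() {
  const r = await mockFetch("/step1");
  const t = await r.text();
  const r2 = await mockFetch(secondUrl(t));
  return r2.text();
}

// setTimeout does not block. Its callback runs only after the current
// synchronous code and any already-queued microtasks (resolved promises)
// have finished, so the recorded order is always sync -> microtask -> timeout,
// even with a 0 ms delay. This is why a timer cannot "wait for" a fetch.
function timeoutOrder() {
  return new Promise((resolve) => {
    const order = [];
    setTimeout(() => {
      order.push("timeout");
      resolve(order);
    }, 0);
    Promise.resolve().then(() => order.push("microtask"));
    order.push("sync");
  });
}

// Stand-alone demo output when the file is run directly with node.
chainedStyle().then((v) => console.log("chained:", v));
chainedStyle("/missing").then((v) => console.log("chained, bad path:", v));
timeoutOrder().then((o) => console.log("order:", o.join(" -> ")));
```

All three request variants resolve to the same value; the difference is only how readable the sequence is and where an error surfaces. The `timeoutOrder` result is the concrete reason the setTimeout-based version in the video "works" only by guessing a long enough delay, while the promise or await version waits for the actual response.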
@aayushk2845
@aayushk2845 4 years ago
Hi, I'm pretty new to hacking and I wanted to try to find a vuln in iitianspace.com/login.php, pls help
@appsecjourney8907
@appsecjourney8907 4 years ago
Hello brother, can I ask you some questions? You said you are using Linux in Docker. How do you set up Linux in Docker to get the external IP?
@crossetta
@crossetta 3 years ago
google is your friend
@diegodejesus9668
@diegodejesus9668 4 years ago
Do you think that with the passage of time, the systems will be more secure and hacking will be almost impossible (or unnecessary)?
@ianthethird420
@ianthethird420 2 years ago
No
@shubhamdwivedi7766
@shubhamdwivedi7766 4 years ago
I passed the captcha in 2 tries lol😂
@Alkiiis
@Alkiiis 4 years ago
There is also a solution where you find the username/password in document.referrer. github.com/weibell/ctf-google2020/tree/master/tech-support
@vendybirdsvadl7472
@vendybirdsvadl7472 4 years ago
Is there a CTF for beginners? Or something like that?
@Timooooooooooooooo
@Timooooooooooooooo 4 years ago
Take a look at PicoCTF
@kmcat
@kmcat 4 years ago
When I read the flag name, I sometimes think I could have guessed that
@gameglitcher
@gameglitcher 4 years ago
That's great except for the no brute forcing flags condition on CTFs :)
@cassandradawn780
@cassandradawn780 4 years ago
WOW I'm early. 4 min ago
@DiggOlive
@DiggOlive 4 years ago
Less Smoked Leet Chicken
@MisterL2_yt
@MisterL2_yt 3 years ago
1:00 Wait a second, how is there a traffic light in the last box he clicks? I would have failed that captcha... edit: nvm, it was him who failed the captchas lol
@flyingpeter
@flyingpeter 3 years ago
jesus christ, where does one even begin to solve that
@blobthekat
@blobthekat 2 years ago
2:23 learn how to use promises man
@tera_hz7125
@tera_hz7125 4 years ago
Team pasten wants to know your location
@52.yusrilihsanadinatanegar79
@52.yusrilihsanadinatanegar79 4 years ago
*captcha lol*
@zCri
@zCri 3 years ago
wtf is that captcha lmfao
@lab-at-home
@lab-at-home 4 years ago
Funny, I solved this guy using the referrer. I guess it was not the intended solution
@Timooooooooooooooo
@Timooooooooooooooo 4 years ago
Do you have a write-up (or short explanation) of your solution? I'm very interested in it
@BERTDELASPEED
@BERTDELASPEED 4 years ago
I wish I had that knowledge 😑
@aashikyadav4439
@aashikyadav4439 4 years ago
wish I could understand this.
@yashb.pandhare5772
@yashb.pandhare5772 4 years ago
🧐👍🤝🤜👌
@moriartyshelby1618
@moriartyshelby1618 4 years ago
"who cares" in a nutshell in this video...XD
@muddassirahmed3342
@muddassirahmed3342 4 years ago
wha?
@4n1eu
@4n1eu 4 years ago
I don't understand anything
@soggytoast111
@soggytoast111 4 years ago
The short version: The tech support app has a bug in it that allows you to post content that will be parsed as JavaScript. This is a major security vulnerability known as XSS. The point of the challenge is to get the Google bot to leak out its cookie by having it trigger your inserted malicious JavaScript code. But you can't simply grab the cookie and send it back to you because the CORS check will block it. So the solution is you have to do all kinds of acrobatics with your JavaScript code and a second XSS to walk the Google bot around the site and log in and out on different sessions.
@internetdoggo4839
@internetdoggo4839 3 years ago
Understandable. I had to watch it 3 times to understand it