"Or whatever, so no clue. But in the end, still solved it. Who cares." Every coder ever.
@xyzzyx1824 жыл бұрын
Overflow is gaining such a deep understanding of computers that he's becoming one. How long before he can't beat recapcha
@WitherBossEntity4 жыл бұрын
The endless reCaptcha looks about normal for when I use Tor.
@IAmOxidised75254 жыл бұрын
Underrated comment..
@cat473 жыл бұрын
ya lol, that's why I don't use it
@TheGrimravager4 жыл бұрын
today I found a vulnerability at my job's codebase. Essentially arbitrary file deletion.. patched that real quick. I like to think your videos gave me the thinking patterns needed to be able to spot this vulnerability. Thank you!
@Lolo54 жыл бұрын
Give some more details please :)
@TheGrimravager4 жыл бұрын
@@Lolo5 hmmm, no sorry :)
@ScorpioneOrzion4 жыл бұрын
@@TheGrimravager what was the type of vulnerability, if you want to tell that.
@TheGrimravager4 жыл бұрын
@@ScorpioneOrzion essentially arbitrary file deletion due to a non-sanitized call to php's unlink function. But luckily most files were not writable by the user that would execute the php-script
@NStripleseven3 жыл бұрын
Nice
@zacksargent4 жыл бұрын
1:15 -> I think you did a bunch of those capchas wrong. When it says it wants the traffic lights, you selected the poles as well.
@heroslippy66664 жыл бұрын
that feeling when the captcha thinks motorcycles and bicycles are the same thing.
@gyroninjamodder4 жыл бұрын
That's because the poles have traffic lights on them
@konradw3604 жыл бұрын
It's google using the CTF players as free workers. If you want the flag work 5 min for us :D
@Anonymous-vh6kp4 жыл бұрын
Konrad W correct
@abbb86154 жыл бұрын
he a robot
@1vader4 жыл бұрын
Your usage of Promises is ... interesting ... The purpose of Promises is exactly to avoid the nesting you are doing and that you would usually get when using callbacks. You can just do this: fetch("/flag").then(r => r.text()).then(t => fetch(...))
@akuviljanen46954 жыл бұрын
I think modern chrome supports `await` in console too
@TimLF4 жыл бұрын
@@akuviljanen4695 only in an async function as the exploit is not run in console
@akuviljanen46954 жыл бұрын
Fortunately it's easy to wrap everything into an async lambda
@AtheistReligionIsCancer4 жыл бұрын
Very good info.
@IBMboy3 жыл бұрын
Lol i did that too before learning how promises work
@RonFarkash4 жыл бұрын
I recently started to learn some Web Application pen-testing, and a lot of the things here finally made sense for me, thank you for your detailed explanation.
@rishabhpant18284 жыл бұрын
Bro i was eagerly waiting for this since 1 week... As a newbie, i wanted the walkthrough. Thank you so much bro
@danielkrajnik38173 жыл бұрын
1:30 that's a lot of dedication
@abadhaiku3 жыл бұрын
Imagine being on the other end of this... You open up a ticket from a user and suddenly two little embedded windows open and your password is leaked
@AnPham-uz3td4 жыл бұрын
I think people with extensive knowledge about client-side would understand this haha
@barefeg4 жыл бұрын
Testing for XSS in all fields of my page RN 😅
@Zuudo4 жыл бұрын
those nested Promise#then calls cause me pain 😶
@attention_shopping4 жыл бұрын
great stuff, didn't know self-xss was vulnerable in this way!
@Timooooooooooooooo4 жыл бұрын
Me neither! This is very good to know
@warker_de4 жыл бұрын
🤯🤯🤯... looking this for the 5. time
@imflo10604 жыл бұрын
13:39, 2 second too long :'(
@AtheistReligionIsCancer4 жыл бұрын
He should have sped up the intro just to make it fit.
@felchore4 жыл бұрын
Awesome video, thanks!
@KTibow4 жыл бұрын
If you want to get through captchas faster, only check 3 boxes. No more, no less.
@kkaran66934 жыл бұрын
Where can I learn this stuff????
@IAmOxidised75254 жыл бұрын
Try using promises .... thats what I thought when I saw timeouts...
@realyoutubekumar3 жыл бұрын
that captcha tho...😅
@unknown-mh9fk4 жыл бұрын
u see from doing ctfs and watching videos i was able to follow i was like wow i really learned a lot i can follow this until about 6 minutes the i was like -_- what
@hweissi4 жыл бұрын
Hi, can you do a video writeup for the mathsh challenge from GoogleCTF? I am searching for a writeup of that challenge since the end of the CTF. I worked on that challenge for many hours but couldn't clear it, and I would just want to know if I was on the right track.
@DHIRAL29084 жыл бұрын
PWN challenges please!!!
@WhiteBoiDave4 жыл бұрын
could u get us deeper into sdr? would be great!
@ManishShah-qk4lj3 жыл бұрын
Wow amazing video I love it but I better understand in hindi language
@Zedoy4 жыл бұрын
Managarmr is so awkward to pronounce 😂😂😂😂
@Anonymous-vh6kp4 жыл бұрын
Manager Mr
@ChillerDragon4 жыл бұрын
Should be smoother if it’s your teammate tho?
@TheRetsekShow22364 жыл бұрын
In your XSS when you have typed "fetch('/flag').then( r => { ....." What is "r"? Is it the "response" of the fetch request?
@machinexa14 жыл бұрын
idk much javascript but probably that is r a custom function so is t
@dennis-heinrich3 жыл бұрын
Of course, it is the actual response if no error ocurred in the (hopefully present) ".catch(err => { /** **/ })" function. developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch
@machinexa13 жыл бұрын
@@malloc8634 nice
@jockillfull4 жыл бұрын
Have you played the CSAW? I saw team ALLES, it's yours right? How did it went?
@titiloxx4 жыл бұрын
If anyone have tried using CSRF it does not work because admin can not change his address. Only normal users can do. So, you have to use some technique like preload an like this man did. Or just check the document.referrer
@DawnnDusk-k4n4 жыл бұрын
Come on... Next Gibe me Next video LiverFlow!!!
@Channel-he5fr2 жыл бұрын
Do you like John Hammond?
@zsin1284 жыл бұрын
Why don't you use Firefox?
@LiveOverflow4 жыл бұрын
Why don’t you use Chrome?
@zsin1284 жыл бұрын
@@LiveOverflow it eats ram (and is slower than Firefox on my PC)
@0xecho4 жыл бұрын
@@zsin128 lol you're out here fighting about browsers, while im out here curling the page and imagining what it looks like im my head
@0xecho4 жыл бұрын
P.S. I donot recommend that, not fun
@pipony89394 жыл бұрын
Why don't you use Internet Explorer?
@soggytoast1114 жыл бұрын
Are you sure that setTimeout actually does anything? I've run into issues before when trying to use setTimeout to control a data flow - it's still all executed instantly and doesn't work the same way as async/await/promise.
@laurinneff43044 жыл бұрын
setTimeout, at least in my experience, works, but he should've used async/await or promises on this case
@pietrohideki4 жыл бұрын
If you have some doubts or think you need some more insight on setTimeout i suggest you to search on youtube "what the heck is event loop anyway" it's a video of around 26 minutes which gives a good insight on the event loop and how sometimes setTimeout is used in the wrong way. Hope this helps
@aayushk28454 жыл бұрын
hi i'm pretty new to hacking and i wanted to try to find a vuln in iitianspace.com/login.php pls help
@appsecjourney89074 жыл бұрын
Hello brother, Can I ask you some questions? You told, you using linux in docker. How to set up linux in docker to get the external IP?
@crossetta3 жыл бұрын
google is your friend
@diegodejesus96684 жыл бұрын
Do you think that with the passage of time, the systems will be more secure and hacking will be almost impossible (or unnecessary)?
@ianthethird4202 жыл бұрын
No
@shubhamdwivedi77664 жыл бұрын
I passed the captcha in 2 trials lol😂
@Alkiiis4 жыл бұрын
There is also an solution where you find the username/password in the document.referer. github.com/weibell/ctf-google2020/tree/master/tech-support
@vendybirdsvadl74724 жыл бұрын
Is there CTF for begineers? Or something like that?
@Timooooooooooooooo4 жыл бұрын
Take a look at PicoCTF
@kmcat4 жыл бұрын
When I read the flag name, I sometimes think I could of guest that
@gameglitcher4 жыл бұрын
That's great except for the no brute forcing flags condition on ctf's :)
@cassandradawn7804 жыл бұрын
WOW im early. 4 min ago
@DiggOlive4 жыл бұрын
Less Smoked Leet Chicken
@MisterL2_yt3 жыл бұрын
1:00 Wait a second how is there a traffic light in the last box he clicks? I would have failed that captcha... edit: nvm, it was him who failed the captchas lol
@flyingpeter3 жыл бұрын
jesus christ, where does one even begins to solve that
@blobthekat2 жыл бұрын
2:23 learn how to use promises man
@tera_hz71254 жыл бұрын
Team pasten wants to know your location
@52.yusrilihsanadinatanegar794 жыл бұрын
*captcha lol*
@zCri3 жыл бұрын
wtf is that captcha lmfao
@lab-at-home4 жыл бұрын
Funny, I solved this guy using the referrer. I guess it was not intended solution
@Timooooooooooooooo4 жыл бұрын
Do you have a write up (or short explanation) of your solution? I'm very interested in it
@BERTDELASPEED4 жыл бұрын
I wish I had that knowledge 😑
@aashikyadav44394 жыл бұрын
wish I could understand this .
@yashb.pandhare57724 жыл бұрын
🧐👍🤝🤜👌
@moriartyshelby16184 жыл бұрын
"who cares" in a nutshell in this video...XD
@muddassirahmed33424 жыл бұрын
wha?
@4n1eu4 жыл бұрын
i don't understand anything
@soggytoast1114 жыл бұрын
The short version: The tech support app has a bug in it that allows you to post content that will be parsed as Javascript. This is a major security vulnerability known as xss. The point of the challenge is to get the Google bot to leak out his cookie by having it trigger your inserted malicious Javascript code. But you can't simply grab the cookie and send it back to you because the CORS check will block it. So the solution is you have to do all kinds of acrobatics with your Javascript code and a second XSS to walk the Google bot around the site and log in and out on different sessions.
@internetdoggo48393 жыл бұрын
Understandable. I had to watch it 3 times to understand it