LIVE: Web Hacking | Pentesting | AppSec | Cybersecurity | TryHackme | AMA

The Cyber Mentor · Beginner ·🔐 Cybersecurity ·1y ago

Key Takeaways

The video demonstrates various tools and techniques for web hacking, pentesting, and cybersecurity, including TryHackme, Burp Suite, and FFUF, with a focus on practical ethical hacking and bug bounty hunting.

Full Transcript

What's up everybody? Hope you're all doing okay and hopefully you can all hear me. Okay. So, is this the first live stream I've done in my new office? I'm not sure. Let me let me check. I feel like the the weeks have been blurred together. And um I've recorded a couple of YouTube videos now. Um of course, but I can't remember whether I've actually done a stream from here or not. Maybe I did an AMA with somebody. I don't know. So, so many live streams. Um, how are you all doing today? Hope you're all doing well. Sorry we went live a little bit late. So, we have a a catio and the cats are out there and I just hear howling and hissing and um my cats, you know, they they have their tuffles from time to time, but there's a there's a new cat in the neighborhood who likes to come around and boy, my two cats do not like him. So, uh, it's a good thing they're in the catio. Otherwise, um, fur would be flying. That's that's for sure. Um, I think the problem is I've got two female cats and they both been, um, uh, whatever you call it, neuted. Um, but I think the male cat is quite young and hasn't been uh, snipped yet, which is kind of irresponsible letting cats out without giving them the snip. But, um, you know, is what it is. I won't judge them too much. Um, maybe I'll do some CNT. Um, no, wait. CN, CNR, CNR, capture new to return. We'll see. We'll see if it keeps coming around in a few months or so. Anyway, how you all doing today? Um, couple of announcements. So, just a heads up. Um, PEST courses are going bye-bye unfortunately. Um, we will hopefully refresh them uh at some point in the future, but it's not on our immediate road map. Um, we're working really hard on a couple of um uh uh a couple of other courses. So, we've got sock 2011, which is going to be uh a huge course in the pipeline. Um, we've got Andrew Bellini working on or digital aka digital Andrew working on uh practical security fundamentals. So, two new modules for um PC have dropped um today. Um so, if you're on the academy, basically what's happening with the practical security fundamentals is um every month we're dropping a couple of modules and then once it's finished, it will then go onto the free tier, but if you have access to the academy, you're basically getting early access. So, um, one of the many benefits of of being a subscriber in the academy. But if you, you know, if you're unable to be, um, a subscriber to the academy, I know that everybody's situation's different. Um, then eventually it will be a free course as well. Um, so let me pull this up. Actually, my camera is like right in the way of my second monitor, which is kind of kind of annoying at the moment. So, we've got defensive tooling, which is quite a big module. There's like at least, I don't know, eight, nine, maybe 10 videos in there. So, it covers everything like firewalls and IDS and IPS and EDR um and things like this. And then there's also vulnerabilities and exploits. And if you've never done um exploited anything before, it steps you through like how to um uh do some basic exploitation to do some privilege escalation. Then it also talks about like CVS, CVSS, CWES and stuff like this. So really it's like the fundamentals of cyber security. If you work with anybody who works in cyber security or if you're looking to move into cyber security, it's going to help you bridge that gap. Um it's going to teach you all the lingo. It's going to teach you all about um different tools and systems and and you know the CIA triad and and all of that kind of stuff uh as well. So, uh, and there's some nice exercises in there as well. But yeah, um, I think those are the only two announcements or three announcements. One, cat shenanigans. Two, retirement of prest courses. So, if you haven't already, feel free to pick them up. Um, I think they're available for another 8 hours or so, maybe 12 hours max. Um, so pick those up if you want to. Um, and of course new modules for for PAC. All right, that's that's the responsible stuff out of the way. How you all doing? Now we can just chat for and chill out and and just just be friends for the next two hours or something like this. Um, let me check in with everybody. How you all doing? Who got the first? Oh, Joffrey. Uh, Atalado. Sorry if I said your name wrong. First in the chat. very very fast. Uh good job. Uh let me scroll down. So uh anime fem animef anemf I'm not sure how to say this name. What kind of career guidance do you need? Give us give us some more details and uh hopefully we'll be able to answer you some some questions. can't promise I know everything because I simply I don't know everything but hopefully I can give you some uh some tips or some insight which uh which should be good. What's up Rubious? What's up Mary Ellen? Can see all the all the regulars hanging out so all all good. What time is a time is a flat circle. this I feel like this could be a controversial comment if we're talking about the earth which you know just just to clarify before people jump on that I don't think the earth is flat just in case somebody like extrapolates from from my random comment um what's up Hamza how you doing um let me see whether we have any questions so I'm just scrolling through the c uh through the chat through the chat to quickly catch up and uh and then we're all good. Um oh, what's up here? How you doing? Um all right, so I need some suggestions um to learn. Let me actually make this my screen a little bit bigger because the chat is really tiny. Sorry, two seconds. All right. Uh oh, now it's like there we go. need some suggestions to learn practical ethical hacking or bug bounty. Well, if you go to the cybermentor YouTube channel, uh there's like the practical ethical hacking 20our course or like it's two 12hour courses, however long it is. It's like more than 20 hours. There's like part one and part two. Um that's your best place to start. Honestly, going through this course is really good. Not because um uh it actually just just do any like comprehensive course. Well, not comprehensive course but like just do any big course because it's going to fill so many like buckets of knowledge that you can then build on in future rather than like leaving loads of gaps. If you just try and learn through like osmosis by doing like you know random boxes and maybe you have like somewhat of a methodology and you pick up some things from here and you know what SMB does but you don't know about like Windows services and you do know a little bit of Linux it's not going to like fit together or it's going to take a very long time to fit it all together. Whereas if you do a course, which you know, you can do our free course. It's on YouTube. There's 20 hours of it. Um you're going to get like a really good foundation and then like that's your bubble and then your bubble can expand rather than just having like splodges, disconnected splotches, if that if that makes sense. I'm not sure if my metaphor makes sense to everybody, but it makes sense to me. Um and yeah, that's that's what I suggest is get yourself through a course and also doing a course, right? If you can't make it through a 20-hour course, which yeah, 20our course is a long time, but if you stop halfway or if you get distracted with some other things, then maybe ethical hacking isn't for you. It's like a it's a good check to see, do I really want this? Is this something that I'm really interested in? Because there's going to be boring parts. And if you can't get through the boring parts, then unfortunately doing it as a day job is not fun. Um, unless you like if it's what you want to do, it's fun. But, you know, it's not all fun, if that makes sense. So, I think that's the best place to begin. All right. Um, today I've got a box. I think though it might be a little bit on the simple side cuz there's only one flag to get. It's a box called Loi. So, we're going to do that. And then depending on how we get on, I've got another box that I want to take a look at. So, we might be doing two boxes today. We'll see. Um, but we're just going to do some easy web stuff as usual. Um, I am working on excuse me. Um, I am working on um, now let me just share these links quickly. Uh, where am I? Um, I'm working on some like live CTF stuff. So hopefully we in future streams we can like work on a box as a group. Um and then you guys in the chat can also attack the instance and and we can I don't know have some fun together. Um so I've built a couple of CTFs that uh we can do on live stream but I haven't like hosted them and I haven't done load testing yet and so we're a little bit far off. Um but maybe in a few weeks probably next month I think uh would be good because this month has been busy. Uh we got a lot of stuff in the pipeline this month. So um hopefully next month we'll have some stuff for you. Um recommendations on chat. So this chair that I've got, the secret lab one. Um I really like it. It's really nice. Uh mostly it's really big as well, so I can sit cross-legged on it. Cross-legged on it. Um I wouldn't get the ones that are like smooth kind of like fake leather or whatever. Um, this is like a fabric one. Um, even though my cats love to use it as a scratching post, the fabric is much nicer than um, especially when it's hotter than like the um, plastic um, plastic fake leather, whatever it's meant to be. Um, so if you do get a Secret Lab chair, make sure you get the um, the fabric ones. Um, other than that, I haven't really tried any other chairs. It was between this and the Herman Miller, and the Herman Miller was just so expensive. is kind of like throwing money away. There's no way there's any benefit from a,000 um pound chair from a 3400 chair. It's like um it's like everything in life. If you buy in the middle, you get something that's just as good as the top end or maybe like a tiny percentage that you wouldn't notice a difference on. Maybe the packaging is nicer on the Herman Miller. Um, and and you save a ton of money, which you can spend on whiskey or whatever it is you want to spend your money on. So, uh, TCM security courses, proves courses, that's what you can spend your money on. But yeah, um, the Secret Lab one, I really like it. I've had it two more than two years now. Uh, and it's been really, really good. So, yeah, I definitely recommend. Um, and if anybody works at Secret Lab and they're watching this live stream, I mean, if you want to sponsor, if you want to sponsor us, obviously, um, we we love sponsors. It's it's all good. Um, I'm joining on YouTube. Um, while I use the chat on my laptop. Nice. Uh, I have to say that I'm joining the Oh, practical bug bounty. Yeah, nice. That's good. I've done the slides up to the virtual box/calibet. Yeah, nice. Good. Let us know how you get on. Um, a few of us like contributed to this course. So, you've got Heath in there, you've got Jonah from Integrity, uh, you got me doing like a lot of the labs and stuff. Um, so yeah, that's this is this is a good way to start. Um, how to start CTFs? Um, read writeups. So, find go for easy challenges uh, and follow writeups. Uh, once you've done like a hundred, then you'll start seeing like similarities and things. Um, and uh, yeah, that's I think that's the best way is it's the same with anything like when you're studying something, you learn like what's the techniques, what's been seen before. Um, it's the same as anything else. Uh, and then you start to see patterns and things. You learn how systems work. Um, but yeah, write-ups are by far the best way to start learning CTFs. Oh, do we think we can have some dedicated security courses on SAP? This is a Andrew Bellini question. I think um it's painful to use but unfortunately extremely popular. Doesn't seem to be any labs on. Yeah, setting up uh labs for SAP is quite complicated I think and you need like um uh like particular hardware and stuff like that. Um I I mean it's not on our current road map. or at least not for like the next year. If somebody comes to us and says, "Hey, I'm a SAP expert and I want to make a course then like we're we're open to working with like people um who are experts in the field who can put together courses." Um but like I say, it's we probably won't have it for if we do have one, it won't be at least until next year. And I suspect Andrew Bellini would be the man for it because like that's his wheelhouse. um he knows a lot about that kind of stuff. So yeah, sorry we don't have anything like in the um in the in the works at the moment for for SAP. [Music] Um what's up Messi Messiah? Uh I'm breaking and conflicted between GRC and pentesting. Could you speak on the pros of pentest versus GRC? Yeah, this is a this is a great question. So, I mean, at the end of the day, it kind of boils down to uh what skills you have uh and uh and what you want to do. So, obviously, pentesting is quite technical uh and within pentesting and also within GSC as well, there are lots of different like fields and roles. Um, if you like doing uh if you like reading, writing code, if you like running tools, um, if you like um, doing pen testing, then do pen testing. Um, if you don't have any technical background but you find the world of cyber security interesting and you find the news interesting and you like talking to people and you like project management and you like spreadsheets uh and compliance work then GRC is going to be is going to be your thing. Um I would say that especially with GLC you have to have like a very broad knowledge but you don't you probably don't need to go like super deep into any particular area within cyber security but you need to know you know um a bit about each subject so that you can talk properly with the head of infrastructure with um the the DBAs or with somebody who's providing you evidence or with the development team and also with management and with leadership and with everybody else in between tech leads, etc., etc. With pentesting, you can kind of just focus on like, you know, if you want to be a network pentester, you'd be like, if you really love Active Directory, that's it. Just do tons of Active Directory and enjoy doing it, become become a master of Active Directory. Um, same like for me for like web stuff. If you really like web applications and you like building them and you think that HTTP is kind of quirky and fun to work with, then that's it. That's your answer. So I think most of the pros and cons are actually kind of bucketed into where you work. So regardless of your job, you can have a great time in cyber security or you can have a really terrible time in cyber security. And even across like the same job role, like you could be a pentester at multiple organizations and you could be doing amazing pentests, interesting projects, or you could be running Nessa scans and that's like, you know, and and you're still a pentester if that makes sense. So yeah, it really depends what you know, what excites you. Um if you had to spend the rest of today studying something or doing something, which would it be? and choose that one is is I think the best way. Do you like the the whole uh make a choice, if you regret the choice, do the other thing and if you don't regret the choice, just do that thing. I think that's the best way to to sum it up. But um but I think with GC uh well with pentesting you do you obviously have like shorter projects. Usually you're on like two weeks to one month projects maybe like you have a oneweek engagement sometimes. Um, with GRC you're going to have like a huge PCIDSS audit once a year. That's going to be really stressful and then through the rest of the year you're doing like compliance activities and things like that. So, it's kind of like, you know, once per year you're going to be really stressed and then the rest of the time it's not too bad. With pentesting, sometimes you've got backto-back projects that are really like uh you haven't got enough time and you've got to do tons of stuff and the clients being a pain in the ass and uh they haven't even given you access and they're not responding to your emails and and like you know you might have just stress all the time if you don't manage um or if some if they're not managed properly the um the clients. So I think that's also something to consider. All right. Um, Hamza. So, I've actually Oh, no. I can't I can't show you them. I I have a bunch of diagrams on my desk. I've been sketching out the um one of the apps that's going to be part of the PWP. Uh, give me like a month and uh we'll see. Uh, but it's coming soon. It's it's coming very soon. Um, yeah, I'm actively working on PWP now. Um, which is going to be fun. Um, and it's going to be uh, yeah, a lot of cool stuff. I don't want I don't want to say too much because if I get going, I'll I'll like spill secrets and and then that would be bad. But, um, but yeah, I'm actively working on it now. All right. Um, let me answer one more question and then let's jump into a box and then I'm going to come back and answer some more questions because I can see there are tons of really good questions in the chat and I want to I want to answer all of them. Um, like yeah, today you guys are on fire with questions today. Um, so um, but let me answer one more and then we'll we'll circle back and then and then we should should be all good. Um, well, let me answer two because this one, uh, ambitions 13. So, good free network courses. So, I used Professor Mesa back in the day. Uh, I know there are some others that have popped up since. Um, but I still think that that's like, you know, that and then, um, you can look at like the Cisco stuff because I think Cisco is pretty relevant if you're if you want to go deeper onto networking. Um, but that would be my maybe maybe this is kind of a old school recommendation because honestly I haven't looked at like networking in like 10 years probably more than 10 years. Um, so if somebody in the chat is like oh this is a more modern upto-ate and and better um resource uh then feel free to share. But in my opinion like I 10 years ago I did like professor Mesa stuff more than 10 years ago and I still find it like that knowledge is still useful for me today. So um so that's that's good. Um and which which Linux distro would I recommend for daily use? Um I would say Iuntu. Like honestly like I know like there's a lot of Linux purists who kind of look down on Iuntu for some for some reason. probably just because it's the most popular Linux distro. Um, but Abuntu is really stable, has good long-term to support. I'm going to be controversial here and say that I really like Debian. Uh, but that is a complete personal preference. Um, if I'm looking at it objectively, I shouldn't be using Debian. I should be using Abuntu. Um, Mint is also really nice because it's very lightweight. Um, I don't really have a lot of experience with like Fedora and some other flavors, but yeah, like Abuntu is probably the best. Mint is very nice and lightweight. Debian's my personal quirky one that I like to use. That's the um I don't know, some people use Arch and you know, yeah, good luck to them. I tried that once and uh wasted two days of my life. So, all right. Let me come and find a box. Hey, I clicked the right button. Uh, okay. So, let's take a look at takeover. Uh, oh no, I've just started the wrong machine. Whoops. Terminates. Uh, Loi. Okay, let me look at Loi. Hold on. Loi is the one we're doing. And takeover is the Ah, I need to join the room. Okay, join the room. Start the machine. Loi is the backup one because this one looks quite straightforward. So while that's running there we go. Okay, we're good. Uh, and then uh let's do All right, it's got to it's got to spin up. So, we're all good. Uh, let me come back to the chat and uh while that's spinning up Oh, how do I take this off? There we go. All right, now we can see everything. We're good. Otherwise, we're going to get our terminal cut off from the bottom. And here we go. Okay, so what does this challenge say? Uh, want to hear some lowfi beats to relax or study to? We've got you covered. Access this challenge by deploying the vulnerable machine by pressing Oh, yeah. Yeah, I know how to start machine. And then navigate to HTTP and find the flag. Okay, cool. One flag. Easy as pi. Uh, let's ping this box. Okay, looks like it's alive. So, let's just do um end mapap- a on here output normal scan.initial and then we should should be good. [Music] Uh, oh no, I missed out space. Helps when I get the uh the IP address correct and uh and my um my spaces correct. Let me just grab my water. There we go. Okay. All right. Okay, so we've got just SSH 8.2 P1. Um, there's reasonably up to date. There's probably nothing here that's that interesting. Technically, we could try and brute force SSH. Um, much more interesting is port 80 is open. Open HTTP Apache 2.2.22. Okay. Um, probably nothing too exciting in terms of exploits against this version. Off the top of my head, we might have to search. And we have lowfi music. And let's just pull up B suite and start taking a look at our target. Oh, this is a good question. While I'm uh while I'm loading up BU, uh, if I could start my job again, what would I change? um I would be more confident uh in taking roles earlier. So uh one thing I wouldn't change is that I did a a year or like a stint as a developer and I think that's that was I I learned a lot there but then like I wasted a couple of years after that in roles that I didn't really learn that much. there were roles that I could do rather than being like ah yeah you know I want to like getting an appsac role I could have had two extra years of appsac or two extra years of pentesting or two extra years on a security team if I hadn't have kind of gone through so I kind of like moved into a security role um it was quite chill and then I moved into another security role and I was doing a little bit more like hands-on stuff but once again it wasn't like was I wasn't really learning very much and it was comfortable and then I moved uh a third time and uh everything was on fire. So, and and I learned a ton of stuff. Um and it was great and um you know, I wouldn't do it again now that particular role being on like a twoman security team for a company. Um but I I learned a lot of the time. It's like the trials by fire. Um I would do that a lot sooner, I think. Uh that that's the biggest thing. So, so yeah, um I think that's that's what I'd do differently. Um I would live stream earlier as well because I started live streaming when I was living in Tokyo. Um like four years ago or something, maybe five years ago. Um I would start just just live streaming like hack the box and stuff like years earlier. I think that would be that would be my thing. Um let's come to open browser. We're doing a box called what's it called? Loi. So li or loafy. This one loi music. Oh, this is like um is it Loi girl? I can't remember. She's famous. She's got like so many subscribers on YouTube and then there's so many people that tried to copy this as well. But um yeah, low 14 million subscribers. What? Crazy. Worth it though because the the channel's really good. Um okay, so we've got this and then proxy HTTP history. Let's see what we've got. Oh my god, I've just filled up my whole history of YouTube. You go to one YouTube page and look at look at the junk. I mean, come on. That's 150 requests. What's wrong with you, YouTube? Learn how to make a clean application, please. Um, okay. So, here's our request. This is a problem with modern applications. Computers are too fast these days. Developers are lazy. No offense if you're a developer, but um things are not built like they used to be. um where you had to actually figure out like performance and make things work nicely. Um okay, so we've got this. We got some inline styles. Nothing too crazy on here. There any other posts? So where is this going to? This is YouTube. YouTube. Let's get rid of all of this and let's uh add this to the scope. Okay, so hopefully we're hiding out of scope items. Um uh okay, I can see I can see an interesting vector already. So I'll give you like 10 seconds in the chat. Um, what are we going to look at next? I'm not saying that this is necessarily like the way, but what's what's the thing that stands out from this this page and functionality? We'll give give everybody a few seconds to Oh, LPP's got it already. Yeah. Yeah. Loi means LFI. Yeah. The page parameter. Nice one. Yeah. Yeah. This is it. So, I think this is this is probably the way. So, let's just throw this into repeater and uh let's do something like Etsy pass WD. I'm assuming the target is Linux, but whoops. Let's put a space there, otherwise we break our HTTP request. Oh, no. Yeah. Okay. Uh, hacker detected. Stop hacking, you stinking hacker. What's funny is like back when I was um a teenager, me and my friend, we built this online textbased RPG and it was kind of like um if you've ever played like Torn City or something like this, it was basically like that. Um and uh somebody actually exploited um one of the pages using SQL injection. This was my first ever introduction to to security back when I was like 14 or 13 or something. Um, and then what I did is I actually um put something like this in the app that would would write to a log file uh in my PHP. And so basically if you sent any requests because most of it was through uh the query string. So you could like go and do a mission and it'd be like you know the mission ID would be in the query string. So if you sent like single quotes um uh through the query string it would basically uh just like dump the page and be like hey stop trying to hack. we've logged this and and to make it scarier, I'd like echo like their IP address and stuff onto the page to try and make it like as scary as possible. Um, and then like output it into a log file. Funnily enough, after some research though, um, somebody did manage to do to do something and um, uh, I was like doing OSEN basically. By Osin, I mean I was like googling their IP address um and some other things and like the username of their character and stuff that they'd created within our game and I found out they're like the um they're they were an IT teacher or like a lecturer at a at a university in Europe. And then I sent them a message. I was like saying, "Oh, is this you?" And then and then they kind of went off on one. And then after after their initial surprise, they were like, "Well, it's not me anyway, so it doesn't matter." And I was like, "Ha, get out. Stop hacking my website." So um yeah, this is probably um the reason I got into cyber security uh from like a reasonably young age. Um it was that and then I started doing um hack this site which like it still exists this this site is like decades old and this was like my first after that I started doing the challenges on hack this site where there'd be like there'd be like random JavaScript like hidden off the page and and and stuff like this um uh or you needed to like change the get uh requests to like a post request uh and you'd solve the lab and stuff like that. Um this is how I got into cyber security a long time ago. Um but it's cool that that website still exists. And then I spent like my latter teen years doing Route um which was pretty nice. Okay. Um so let's try and bypass this. Um this is a problem. So uh the Linux file system uh is case sensitive. So if we change this to like an uppercase and it goes through it's just going to be like oh it didn't find this but it might pass in the parameter too lower and then uh and then give us a result. It doesn't. Okay. So but it's always worth a try. Um let's try this. Okay. So Etsy passd doesn't exist. So maybe it's just this exa it this looks like it's going to match this exact string. So maybe we can just do something like like this. Whoops. There are so many different um variations we can do here. Ah yeah. Okay. So we've got file inclusion. Um nice. Uh so we've got LFI. So here we could also think about encoding. We could also think about doing like dot slash dot slash or like um if the dot dot slash gets stripped out, you put in uh dot dot dot slash dot slash and then if it's not recursive, it like removes the dot dot slash and then ends up with dot dot slash if that makes sense. So the um lack of recursion is kind of a common CTF filter. Um there are so many different like variations of this. Well, if you look at a fuzzing list, you you can you can see them all. Um okay, so we have LFI and we need a flag. So, h I wonder if it's just in flag or is it going to be in like slashroot slash Oh, no. There it is. That was That was pretty straightforward. Okay, let's grab this. Oh, that's it. Stream done. Okay. Yeah, congratulations. We win. Um, if I didn't get this straight away, uh, don't worry, we've got another box lined up because this one did look like it was going to be suspiciously easy. Um, if I send this to Intruder, you can probably fuzz this. And then, um, uh, user share. Oh, I don't have seclists installed. But if we go to set lists, let me let me pull up Chrome. There's some good lists in here. Uh, so fuzzing, LFI, and the LFI jihadex is pretty good. Um, so this is Jason Hadex. Um, so this is a good list. Um, I don't know about the others. I don't think I've really looked at the others properly. If there's another good list in there, then let me know. But like, if we just grab this, you can see here you go. All of the like different ways to try and get past um the filters and filter evasion. There's so many different ways of doing it. Uh, if I come into here, let's just pull up our terminal. Come into our word lists. W get this. Come back to here. Load word lists. Uh where is it? Oh, I do have set list. It's there. But anyway, we could fuzz this for example. And then we can try and look at the length. And then for example, what we could try and do is filter on something like root cuz we know that Etsy passd um the uh pass WD file and that has the keyword root in it. So if we filter on this and we look at the response and then we go root like this and then we autoscroll to it, you can see all of these payloads all worked. So that's that's quite a few. Oh, that's an interesting one. Oh, no. This this is this is a false positive because it has roots in the in the payload. Yeah, same with these. These are all false positives, but the ones that [Music] are 4851, these ones are all successful. So these ones have got like the null bite terminator, which is probably not doing anything in this case, etc. So, I think when you're doing boxes, like spending a little bit of extra time to like figure out all of the cases, these are like encoded ones. Um, and thinking about why something worked is is quite valuable. And I think that's something that I didn't do when I started doing like hack the box. As soon as I solved it, I'd be like, "Yay, flag done. Let's go to the pub or something like this." Whereas now, like I'm quite careful. I I try and go through the box, try and find the misconfiguration, have a look through the code, really understand what's happening and why the vulnerability exists. So, oh, nice. Yeah, I see. So, Eldrich did it with FUF instead. FF is great tool. Um, so that's pretty nice. [Music] Um, sometimes like I do use fuff for a bunch of things, but like for fuzzing specific things, um, I just find it easier with B suite because then I don't have to remember loads of commands and stuff and and flags and things, I can just just for like a ease of use laziness perspective, I find BSU a little bit easier. But Fuff is a great tool as well. All right. Um, let's have a look at another box then since this one is done. Double points tonight, assuming that we find all the flags. All right, it's going to take a minute to spin up. Let me come back to some of the questions while it's spinning up. Ooh, watching at work. Any tips on studying while at work? I mean, I don't want you to get into trouble. like obviously try and try and do your work. Um I would say depending on your setup. So for example um when I was commuting um I used to watch some things. I tried to watch like walkthroughs on my phone. Um but it wasn't really that useful because I was just watching them and I wasn't really absorbing them to really get the most of like IPSC videos for example. You actually need to be like writing out the commands and doing what he's doing to really understand it. So, I'd say um depending on one like if you have distractions and stuff then you need to keep things like really um not very deep and so try and study things that are more reinforcement material. But if you are at work and you can put your headphones in and you can have a small YouTube video there and you can follow along fully then then do that. But I would say like change your approach to study based on like your surroundings and what you have access to is is the main thing. So depending on um your work, uh you might may or may not have like distractions. Um when I was studying for exams before, I used to go in 2 hours early and I'd book a meeting room and I'd sit in the meeting room and I would um study uh and then I would start at 9:00, you know, as everybody else was coming in. And then um yeah, that was that worked really nicely for me cuz I could do that pretty much every day undisturbed. If I was at my desk, people would come in, they'd be like, "Ah, hey, good morning. Do you want coffee? How was your evening? What are you doing? It's Friday." Blah, blah, blah. If you're in a meeting room with your headphones on, like nobody's disturbing you. And if they do, then you know, just tell them to jog on and you're all good. Um, let me keep scrolling down. Answer a few more questions. Oh, this is a good question. Um, there's a there's another C2 that's free which I can't remember the name of that I used years and years ago. um that is kind of similar to Cobalt Strike and I used that first um to learn and then my company um bought the licenses for Cobalt Strike and then switched over. Um I would say if you know how to use like a C2 tool um like a well established one, it's not that different. It's just the UI differences and to be honest, picking up the UI isn't that difficult. Um so just focus on that generally. Otherwise, do what apts do and and get a um find a copy somewhere. I shouldn't be saying that on live stream, but like you know, it's uh some people have to do that unfortunately. Um let me keep scrolling down. Oh, how did I find the box was Linux? I didn't. I just guessed. Um 99.9 of web uh% of web servers are Linux boxes. So um it was a fair guess. Um I wonder if it was in the header actually uh or in the um end map scan. Hold on. Let let me come let's come back to here. So here we scanned the box. Yeah. So from the headers it thinks it's Auntu. So this tells us that it's Linux. Um, but to be honest, unless you're working at like a dinosaur bank, um, pretty much everybody runs Linux web servers, uh, it's only like banks and old old systems that run like, um, Microsoft IAS, which I don't know, like running an IAS web server in 2025 is um, baffles me. Why would you do that? I mean, yeah, it's uh, it's tricky. Yeah, this is it. Um, I'd be surprised to see Windows with with SSH as well. Um, yeah, because usually you're using things like RDP and and stuff like that um when you're in a Windows environment. Um, let me keep scrolling down. All right, this box is up. So, let's take a look at this next one and then I'll come back and answer a few more questions. [Music] Um, what's this one called? Takeover. Okay, let's see what this one's got uh in store for us. Let me switch back to the chat as well so that I can see. Um, okay. I'm just going to restart Burp Suite because that's just the easiest way to like clean it out and make sure everything is all nice and smooth. Okay, let's take a look at this box. Uh, what does it say? Hello there. I'm the CEO and one of the co-founders of Future Avera. In Future Aera, Future Vera. Future Vera. I don't know how to say this. In future Vera, we believe that the future is in space. We do a lot of space research and write blogs about it. We used to help students with space questions, but we are rebuilding our support. That's probably a hint there. Recently, Black Hat hackers approached us saying that they could take over uh and uh asking us for a big ransom. Please help us find what they can take over. Our website is located at https futurever.thm. Don't forget to add it to Etsy hosts. Okay, let's do that first [Music] then. In fact, actually, let's not um h No, no, let's let's yeah, let's keep burpuite open because we're going to need it anyway. Uh, probably grab the IP key. Paste. Save. Quit. Okay. So, let's ping this box. It's up. And let's m map- a uh output normal scan dot initial and see what we find. It sounds like a web box, but I don't know. There could be some other random services kicking around. Uh all right. Um let's see. So Abuntu again 80 443 common name and that's it. Okay. All right. Let's uh let's take a look. In fact, let's do this. Open browser. Uh, we want to go to the actual website name, not interesting. In the notes, it actually tells you that it's on HTTPS. I wonder if there's a difference between the HTTP version. They look the same. Oh, no. This one's been Oh, we get forwarded to HTTPS anyway, even if we tried to HTTP. Okay, we might have to curl that later on and see what's going on. Or we can have a look in B suit and see what's going on. Um, okay. So, future Vera, have we got um H we're not in Doesn't matter. Um, I was going to look at Wapalizer, but we're we're in the BU browser, so that's fine. We can come back and take a look at that later. So, a quick look in here, just because it's a CTF. I don't usually look at like the page source straight away when I'm like if I'm doing a web app pen test but I mean I will have like a look in the JavaScript and stuff but usually you can find I say usually sometimes you can find hints and stuff in CTF so it's always worth just taking a peek. Um so we got some images then we've got Bootstrap and then we've got this JavaScript scripts. Uh this file is intentionally left blank. Okay, cool. Sounds good to me. And then there's probably nothing in the Bootstrap file. So, um, okay. So, we could start looking at subdomains. Um, and also looking at directories and also since it's HTTPS, we can also look at the certificates. So, if we look at the details, it's a little easier to see in Firefox usually, but uh no alternative name. Okay, let's uh proxy HTTP history. Let's send this to intruder. Um, let's do subdom uh not subdomain uh directory busting first and we'll also do subdomain uh as well just because uh I always get confused with my ffuf subdomain busting and so this is an easier quick setup. So let's just get payloads and let's just do directories long and see what happens here. And then while that's running we can come to here and uh I can try and remember the um uh syntax for fuff. So what we want to do is we want to do FFUF and then we need a word list and then we need a host header. So, we want host colon fuzz dot what's the website called again this thing uh and then dash u so I think https and I can't remember what the difference is but you'll get different results usually if you fuzz subdomains um against an IP versus against um a actual domain name because they get handled differently. Um which is kind of annoying. Um and let's put this word list in and see whether this works. So word lists. Ah where are my word lists? Oops. It's capital S. That's why. Uh, is it discovery DNS? Uh, let's do subdomains top. Uh, let's do 20,000 since we're on a VPN. Should be okay. Uh, that looks correct to me. And then once this once this comes back, we then need to filter on the size 4605 like this. Okay, we got a couple straight off the bat, which is quite nice. Um, okay. Um, oh, yeah. Since Burp community throttles intruder, why not teach fuzzing using a tool that doesn't? Yeah. So I mean the thing is is also like you can do everything obviously in open source tools but as soon as you start like a pentest or a web app pentesting job you're going to be using like burp sweet pro uh because the company's going to buy it for you or if you're working as a consultant then you're going to buy the license for yourself. So you've got to be able to use burpsweet pro I think as a um you know as a pentester. Oh, bugger. I just closed these results without without reviewing them. Um, so we just got 301 301 301. Okay, that's not that important. Um, and alternatively, you can use Kaido, which is I think a nice tool as well. Um, and still has uh some really nice features. So, you know, I just feel like uh I kind of show I tried to show everything, but I I think it's important to even if you don't have access to Burp Sweet Pro, um at least see what it can do, if that makes sense, because like things like collaborator um and some of the um like the scanner and some of the pro extensions are really really useful. So, you know, and you'd probably be expected to be able to use them when you go walk into a job. Um, all right. So, let's add blog and support. Um, so pseudo micro Etsy hosts and then let's grab these. And then uh what is it? Supports. What was the other one? Oh no, I've forgotten. Uh, the save quit support block. uh dot save and quit. Okay, so let's clear this and then let's get rid of this. Uh actually no, we need to browse to these. So, um support. So, we get a different sites. Nice. Uh and the other one was block. Okay. And these are different. They both look pretty static. Yeah, static site. Static page even. Oops. And then this one. Even those links are probably dead. Oh, no. They actually go to different places. So, we'll take a quick look. Yeah, that just goes to Okay, we might have to come back and actually read these pages and hello Bite um and kind of try and understand them. But let's take a look. Um see whether we can ah we could directory bust on this one. Let's do that quickly because that doesn't take long. Um trying to decide like the optimal route and what I think is going to be like the most uh what's it called? The fastest way. Fastest way only. Let's start that. And let's do the same thing for what did we just do on this is on blog. So let's also just quickly take a look at support and throw that into intruder as well. What's interesting is on one of them they had HTML on all of the pages that were linked. So we might actually have to change our payload a little bit. Oops. So 403 on server status, otherwise 301's and then just 404s. Not very exciting there. And then the other one, same thing, which is not expected. And then let's take a look at I think we need to take a look at these certificates. I I'm sure this is like a subdomain hunt because it's called takeover. So I assume it's related to like a subdomain takeover. Ah I hate Chrome like Okay, let's let's come into Firefox. It's much easier to see these. Okay, here we go. Let's come to support uh advanced view certificate and then you can see everything and it's really nice. So, you can probably do this on Chrome as well. I just don't know how. Um Oh, okay. I've spotted something. All right, I give you all I don't know 20 30 seconds. Can you spot anything interesting on the uh on the certificate? This is it. I'm actually like a serious Kaido fanboy. Um, it's a really nice tool. I should use it more in my streams. I have the pro version or like the um subscription version and it's really nice. I love the JavaScript engine inside. So, you can um build workflows with JavaScript. It's it's really beautiful. It's just so sleek and uh from a workflow perspective, really really nice. Oh, nice. This is good to see. Started with Burp a week ago. All good. All right. Uh DNS leak DNS expired set. Yeah. So this is it. This is the alt name here. Um, so I presume this is supposed to be like a um, uh, subdomain takeover example. Um, so we have this DNS name that's like secret helpes 934752.sup support.fver.tm. And I suspect if we add this, so the point here is this subdomain has been taken over. And then if we add this to our pseudo micro Etsy hosts think domain takeover is a good one if you're doing bug bounty is a good one to read up on and understand basically where um uh you're pointing to like an asset and then you no longer own that asset and then somebody else like squats there and then uses your domain. Um, yeah. Let's come back. Ah, I've closed. Why do I close everything all the time? You know what it is? Is um because I have three big monitors. Um, not like trying to brag, but like I have like a really wide setup. So, I've got the ultra wide in the middle and then two monitors. I have everything like really nicely spaced out, but when I'm streaming, I'm stuck in like one little box and like tabbing through everything just is so confusing because I don't have to tab all of the time. Ah, here we go. So, you can see, wait, was that the uh we get forwarded to um uh an S3 bucket. So, S3 website uses3. Amazonws.com and then we get the flag here. So that is the subdomain takeover there and that is the flag. Very nice. Yeah, that's a kind of a interesting one. Oh, a triac may have changed the congratulations thing. You get forwarded to somewhere. Um that's not the page I want to be on. So why why am I being forwarded? Um it's all goods though. Um that's that box done. That was a bit of a fun one. Um interesting. A little bit different. Um, and uh the uh file inclusion one is kind of like a classic um CTF as well. So, so that's pretty good. And uh yeah, the certificate probably expired. I didn't see that uh as you as you says as Ethan says here. And I I suspect it's self-signed as well, so it's probably not um like a legit certificate. So, it's all good though. Although I feel like more boxes should have um certificates because it's not difficult to um to get one, you know, when you spin up a box to get it from uh from Let's Encrypt. Let me come back to here. All right, let's take a few more questions um before we wrap up. Um yeah, this is a good point. So FFUF uh because it's written in Go and not Java. It's unsurprisingly much much faster um than uh than than Burp Suite is. Um Burp Suite is good though. So for example like let me show you you can do some really useful things which just makes your workflow so much faster. So for example here like what I can do is if I come into payloads we can add payload processing. So instead of just having like a pre-built list I can just be like oh okay I want to add a suffix and uh I want to add HTML to them all and I also want to like URL encode all of my stuff. Let me hide this for a second. Um uh you can switch on or switch off URL encoding for example. You can use a different number of resource pools. You can switch on uh auto forwarding which is in here somewhere uh redirections. You can follow I mean you can do all of this in fuff as well but it's like remembering all of the flags and setting it all up is kind of a pain. Um and so like and in here like we can GP for results, we can match stuff, we can flag things. Um there are also a number of plugins that kind of like go into uh intruder as well. And also um in the past when I've been looking at like mass assignment and then testing so if I've created like 10,000 accounts I've had to log into 10,000 accounts and then do like a um uh not a diff but compare the content length to logging into uh other accounts or what I was expecting and I can do that in macros in burpswuite but you can't do that in ffuf. So with fuff like I might fuzz for mass assignment but then how do I check 10,000 accounts without logging in manually and I can do that in burp suite I can fuzz them all log into them all and then compare the final results and so in cases like that I think the burpuite is much more powerful even if it is a little bit slower so um but I mean I recommend people use both um use the right tool for the right situation and the right job um if you've got to fuzz a ton of directories. Like if you want to fuzz um half a million directories, use FFUF for sure. Um but if you're just doing like 20,000, then Burp Suite is fine. Like you're not going to notice the difference between like two seconds. So you know, it's not really uh really, you know, too crazy. Um why do I not try web 3 bug bounty? I don't do a lot of like web 3 stuff. It's something that has been on my to-do list for so long. Um I have been doing like some study around it. Uh and I have done some a little bit of work around web 3 stuff. Um I would wouldn't say it's my forte at all but um yeah not enough time in the day. That is the the real answer. Um there are so many things to do and um you know on top of my job I'm already doing like extracurricular stuff uh to do with uh cyber security and hacking and stuff and then on top of that trying to stay healthy looking after my cats and you know trying to keep some balance in my life. So so this is the real reason. Um will I be at API days? No I don't think so. New York is a long way to travel for me. I'm from Europe, so like getting getting over to uh to New York City is uh is quite a big deal. I will be at Defcon, I think. Um best effort to get to Defcon. Um unless there's a good reason that I'm not going. Um I will be at Defcon. So um so it's a it's a direct flight that takes like a million hours. [Music] Um, this is the uh an expensive direct flight, I presume. But, uh, don't get me wrong, I really want to visit New York at some point. Um, uh, my mom works there for a few years. Um, uh, she was working out for some company out there. Um, she's retired now, but she also works in tech or worked in tech. Um, but there you go. Um, yeah, I can.

Original Description

https://www.tcm.rocks/pwpp-y - The Practical Web Professional Pentester (PWPP) is one of Alex's several Web App certs. Get certified as a Web App Pentester today! https://www.tcm.rocks/pwpa-y - This is the beginner-friendly version of the cert - the Practical Web Pentest Associate (PWPA). We also offer several Web App courses in the Academy: http://www.tcm.rocks/pwpp-y We stream every Wednesday at 12 PM ET - come by, watch some live hacking, and ask a few questions! Join us on Discord as well: https://discord.com/invite/tcm #cybersecurity #livestream #infosec #hackthebox #hacking Timestamps: Hacking starts around the 21:00 minute mark! Follow along here: https://tryhackme.com/room/lofi
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from The Cyber Mentor · The Cyber Mentor · 0 of 60

← Previous Next →
1 Buffer Overflows Made Easy - Part 1: Introduction
Buffer Overflows Made Easy - Part 1: Introduction
The Cyber Mentor
2 Buffer Overflows Made Easy - Part 2: Spiking
Buffer Overflows Made Easy - Part 2: Spiking
The Cyber Mentor
3 Buffer Overflows Made Easy - Part 3: Fuzzing
Buffer Overflows Made Easy - Part 3: Fuzzing
The Cyber Mentor
4 Buffer Overflows Made Easy - Part 4: Finding the Offset
Buffer Overflows Made Easy - Part 4: Finding the Offset
The Cyber Mentor
5 Buffer Overflows Made Easy - Part 5: Overwriting the EIP
Buffer Overflows Made Easy - Part 5: Overwriting the EIP
The Cyber Mentor
6 Buffer Overflows Made Easy - Part 6: Finding Bad Characters
Buffer Overflows Made Easy - Part 6: Finding Bad Characters
The Cyber Mentor
7 Buffer Overflows Made Easy - Part 7: Finding the Right Module
Buffer Overflows Made Easy - Part 7: Finding the Right Module
The Cyber Mentor
8 Buffer Overflows Made Easy - Part 8: Generating Shellcode and Gaining Shells
Buffer Overflows Made Easy - Part 8: Generating Shellcode and Gaining Shells
The Cyber Mentor
9 HackTheBox - Sunday Walkthrough (Re-Up)
HackTheBox - Sunday Walkthrough (Re-Up)
The Cyber Mentor
10 Networking for Ethical Hackers - TCP, UDP, and the Three-Way Handshake (Re-Up)
Networking for Ethical Hackers - TCP, UDP, and the Three-Way Handshake (Re-Up)
The Cyber Mentor
11 Networking for Ethical Hackers - Network Subnetting (Re-Up)
Networking for Ethical Hackers - Network Subnetting (Re-Up)
The Cyber Mentor
12 Networking for Ethical Hackers - Network Subnetting Part 2: The Challenge (Re-Up)
Networking for Ethical Hackers - Network Subnetting Part 2: The Challenge (Re-Up)
The Cyber Mentor
13 Networking for Ethical Hackers - Building A Basic Network with Cisco Packet Tracer (Re-Up)
Networking for Ethical Hackers - Building A Basic Network with Cisco Packet Tracer (Re-Up)
The Cyber Mentor
14 HackTheBox - Fighter Walkthrough (Re-Up)
HackTheBox - Fighter Walkthrough (Re-Up)
The Cyber Mentor
15 Beginner Linux for Ethical Hackers - Navigating the File System
Beginner Linux for Ethical Hackers - Navigating the File System
The Cyber Mentor
16 Beginner Linux for Ethical Hackers - Users and Privileges
Beginner Linux for Ethical Hackers - Users and Privileges
The Cyber Mentor
17 Beginner Linux for Ethical Hackers - Common Network Commands
Beginner Linux for Ethical Hackers - Common Network Commands
The Cyber Mentor
18 Beginner Linux for Ethical Hackers - Viewing, Creating, and Editing Files
Beginner Linux for Ethical Hackers - Viewing, Creating, and Editing Files
The Cyber Mentor
19 Beginner Linux for Ethical Hackers - Controlling Kali Services
Beginner Linux for Ethical Hackers - Controlling Kali Services
The Cyber Mentor
20 Beginner Linux for Ethical Hackers - Scripting with Bash
Beginner Linux for Ethical Hackers - Scripting with Bash
The Cyber Mentor
21 Beginner Linux for Ethical Hackers - Installing and Updating Tools
Beginner Linux for Ethical Hackers - Installing and Updating Tools
The Cyber Mentor
22 Cracking Linux Password Hashes with Hashcat
Cracking Linux Password Hashes with Hashcat
The Cyber Mentor
23 Reminder: Twitch Hacking Live Stream Tonight! 2/26/19 at 8PM EST
Reminder: Twitch Hacking Live Stream Tonight! 2/26/19 at 8PM EST
The Cyber Mentor
24 Hacking Live Stream: Episode 1 - Kioptrix Level 1, HackTheBox Jerry, and Career Q&A / AMA
Hacking Live Stream: Episode 1 - Kioptrix Level 1, HackTheBox Jerry, and Career Q&A / AMA
The Cyber Mentor
25 Hacking Live Stream: Episode 2 - HackTheBox Active, Vulnserver Buffer Overflow, and Career Q&A / AMA
Hacking Live Stream: Episode 2 - HackTheBox Active, Vulnserver Buffer Overflow, and Career Q&A / AMA
The Cyber Mentor
26 Hacking Live Stream: Episode 3 - Hack The Box Blue, Devel, and Career Q&A / AMA
Hacking Live Stream: Episode 3 - Hack The Box Blue, Devel, and Career Q&A / AMA
The Cyber Mentor
27 New Zero to Hero Pentest Course, New Website, and 2K Subs?!
New Zero to Hero Pentest Course, New Website, and 2K Subs?!
The Cyber Mentor
28 Zero to Hero Pentesting: Episode 1 - Course Introduction, Notekeeping, Introductory Linux, and AMA
Zero to Hero Pentesting: Episode 1 - Course Introduction, Notekeeping, Introductory Linux, and AMA
The Cyber Mentor
29 Zero to Hero Pentesting: Episode 2 - Python 101
Zero to Hero Pentesting: Episode 2 - Python 101
The Cyber Mentor
30 Zero to Hero Pentesting: Episode 3 - Python 102, Building a Terrible Port Scanner, and a Giveaway
Zero to Hero Pentesting: Episode 3 - Python 102, Building a Terrible Port Scanner, and a Giveaway
The Cyber Mentor
31 Zero to Hero Pentesting: Episode 4 - Five Phases of Hacking + Passive OSINT
Zero to Hero Pentesting: Episode 4 - Five Phases of Hacking + Passive OSINT
The Cyber Mentor
32 Zero to Hero Pentesting: Episode 5 - Scanning Tools (Nmap, Nessus, BurpSuite, etc.) & Tactics
Zero to Hero Pentesting: Episode 5 - Scanning Tools (Nmap, Nessus, BurpSuite, etc.) & Tactics
The Cyber Mentor
33 Zero to Hero Pentesting: Episode 6 - Enumeration (Kioptrix & Hack The Box)
Zero to Hero Pentesting: Episode 6 - Enumeration (Kioptrix & Hack The Box)
The Cyber Mentor
34 Zero to Hero Pentesting: Episode 7 - Exploitation, Shells, and Some Credential Stuffing
Zero to Hero Pentesting: Episode 7 - Exploitation, Shells, and Some Credential Stuffing
The Cyber Mentor
35 Installing Windows Server 2016 on VMWare in 5 Minutes
Installing Windows Server 2016 on VMWare in 5 Minutes
The Cyber Mentor
36 Zero to Hero: Week 8 - Building an AD Lab, LLMNR Poisoning, and NTLMv2 Cracking with Hashcat
Zero to Hero: Week 8 - Building an AD Lab, LLMNR Poisoning, and NTLMv2 Cracking with Hashcat
The Cyber Mentor
37 A Day in the Life of an Ethical Hacker / Penetration Tester
A Day in the Life of an Ethical Hacker / Penetration Tester
The Cyber Mentor
38 Active Directory Exploitation - LLMNR/NBT-NS Poisoning
Active Directory Exploitation - LLMNR/NBT-NS Poisoning
The Cyber Mentor
39 Zero to Hero: Week 9 - NTLM Relay, Token Impersonation, Pass the Hash, PsExec, and more
Zero to Hero: Week 9 - NTLM Relay, Token Impersonation, Pass the Hash, PsExec, and more
The Cyber Mentor
40 Zero to Hero: Episode 10 - MS17-010/EternalBlue, GPP/cPasswords, and Kerberoasting
Zero to Hero: Episode 10 - MS17-010/EternalBlue, GPP/cPasswords, and Kerberoasting
The Cyber Mentor
41 Writing a Pentest Report
Writing a Pentest Report
The Cyber Mentor
42 Zero to Hero: Week 11 - File Transfers, Pivoting, and Reporting Writing
Zero to Hero: Week 11 - File Transfers, Pivoting, and Reporting Writing
The Cyber Mentor
43 The Complete Linux for Ethical Hackers Course for 2019
The Complete Linux for Ethical Hackers Course for 2019
The Cyber Mentor
44 Full Ethical Hacking Course - Beginner Network Penetration Testing (2019)
Full Ethical Hacking Course - Beginner Network Penetration Testing (2019)
The Cyber Mentor
45 Popping a Shell with SMB Relay and Empire
Popping a Shell with SMB Relay and Empire
The Cyber Mentor
46 Pentesting for n00bs: Episode 1 - Legacy (hackthebox)
Pentesting for n00bs: Episode 1 - Legacy (hackthebox)
The Cyber Mentor
47 Pentesting for n00bs: Episode 2 - Lame
Pentesting for n00bs: Episode 2 - Lame
The Cyber Mentor
48 Pentesting for n00bs: Episode 3 - Blue
Pentesting for n00bs: Episode 3 - Blue
The Cyber Mentor
49 Web App Testing: Episode 1 - Enumeration
Web App Testing: Episode 1 - Enumeration
The Cyber Mentor
50 Pentesting for n00bs: Episode 4 - Devel
Pentesting for n00bs: Episode 4 - Devel
The Cyber Mentor
51 Pentesting for n00bs: Episode 5 - Jerry
Pentesting for n00bs: Episode 5 - Jerry
The Cyber Mentor
52 Web App Testing: Episode 2 - Enumeration, XSS, and UI Bypassing
Web App Testing: Episode 2 - Enumeration, XSS, and UI Bypassing
The Cyber Mentor
53 Pentesting for n00bs: Episode 6 - Nibbles
Pentesting for n00bs: Episode 6 - Nibbles
The Cyber Mentor
54 Web App Testing: Episode 3 - XSS, SQL Injection, and Broken Access Control
Web App Testing: Episode 3 - XSS, SQL Injection, and Broken Access Control
The Cyber Mentor
55 How NOT to Approach a Cybersecurity Mentor
How NOT to Approach a Cybersecurity Mentor
The Cyber Mentor
56 Web App Testing: Episode 4 - XXE, Input Validation, Broken Access Control, and More XSS
Web App Testing: Episode 4 - XXE, Input Validation, Broken Access Control, and More XSS
The Cyber Mentor
57 Pentesting for n00bs: Episode 7 - Optimum (hackthebox)
Pentesting for n00bs: Episode 7 - Optimum (hackthebox)
The Cyber Mentor
58 Pentesting for n00bs: Episode 8 - Bashed (hackthebox)
Pentesting for n00bs: Episode 8 - Bashed (hackthebox)
The Cyber Mentor
59 Pentesting for n00bs: Episode 9 - Grandpa
Pentesting for n00bs: Episode 9 - Grandpa
The Cyber Mentor
60 Top 5 Internal Pentesting Methods
Top 5 Internal Pentesting Methods
The Cyber Mentor

This video teaches the basics of web hacking, pentesting, and cybersecurity, with a focus on practical ethical hacking and bug bounty hunting. The instructor demonstrates various tools and techniques, including TryHackme, Burp Suite, and FFUF, and provides tips and resources for further learning.

Key Takeaways
  1. Deploy a vulnerable machine and navigate to HTTP to find the flag
  2. Use Burp Suite to analyze the target and identify vulnerabilities
  3. Exploit subdomain takeover vulnerability using FFUF
  4. Use JavaScript engine in FFUF for workflow automation
  5. Filter on size 4605 to identify potential vulnerabilities
  6. Use Kaido as an alternative to Burp Suite Pro
  7. Explore certificates and subdomain takeover
  8. Use directory busting to find optimal routes
  9. Change payload to include HTML
💡 Practical ethical hacking and bug bounty hunting require a combination of technical skills, such as using Burp Suite and FFUF, and non-technical skills, such as dedication and focus.

Related Reads

📰
Treasury Sanctions Two Individuals and VPN Firm Enabling Ransomware Attacks on Americans
US Treasury sanctions individuals and a VPN firm for enabling ransomware attacks, learn how to protect against such threats and the role of cybersecurity in preventing them
Dev.to · Codego Group
📰
Inside-Out Learning
Learn how to prepare students for a career in cybersecurity by teaching them to think, build, defend, and adapt
Medium · Cybersecurity
📰
GhostExodus Forces Cybersecurity to Trust a Rule-Breaker
Learn how a former rule-breaker's transformation raises questions about trust in cybersecurity
Dev.to · XOOMAR
📰
​Supply Chain Attacks Are Forcing Threat Detection To Focus On What Code Can Do
Supply chain attacks are shifting threat detection focus to code capabilities, requiring a merge of dev speed and security scrutiny
Forbes Innovation
Up next
Cryptography Explained Visually — Watch AES, RSA, TLS & More Work Step by Step
Zariga Tongy
Watch →