HackTheBox "Business CTF" - Time

HackTheBox "Business CTF" - Time - Command Injection

Рет қаралды 34,910

2 жыл бұрын

If you would like to support the channel and I, check out Kite! Kite is a coding assistant that helps you code faster, on any IDE offer smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link)
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/johnhammond010
E-mail: johnhammond010@gmail.com
Discord: johnhammond.org/discord
Twitter: / _johnhammond
GitHub: github.com/JohnHammond

Пікірлер: 44

@SinusQuell_ 2 жыл бұрын

this makes me want to try some of these myself

@FVT-tn8ji 2 жыл бұрын

Yeah same, the problem is that Ive never done anything like that lol

@markgentry8675 2 жыл бұрын

Really enjoyed the time you took to explain this one. it's pretty straight forward, but this format would be great for beginners. love your work

@EmaCannella 2 жыл бұрын

Followed you up since start of the year and quality has evolved in the meantime. Keep It up📼

@LlewdLloyd 2 жыл бұрын

Just wanted to say I'm new in the I.T. industry, read A+ and studying for my Network + cert while pursuing cyber security and watching these videos and having you explain things is really helpful for me despite how basic some of these are. Just wanted to say I appreciate the content this way.

@viv_2489 2 жыл бұрын

This little breadcrumbs are so essential, thanks for sharing 👌👍

@joeymelo2882 2 жыл бұрын

Love the CTF videos! Keep that up man!

@ca7986 2 жыл бұрын

I love your work John! ❤️

@4lpina 2 жыл бұрын

absolutely love your videos John

@jocularich 2 жыл бұрын

Love your content John....learn more and more.....greeting from indonesia

@ashishalex10 2 жыл бұрын

Awesome content, getting to learn some new stuff :)

@vivekchoudhary8745 2 жыл бұрын

I learned a lot from this ctf.

@MovieWorldNow 2 жыл бұрын

I like the tune after the video ending

@highvisibilityraincoat 2 жыл бұрын

yay john is going back to his roots

@BaraGraff 2 жыл бұрын

love your videos man

@thischannelhad40subscriber51 2 жыл бұрын

Great video's mate.

@mmmdyarcavadl9004 2 жыл бұрын

Really helpful thank you

@kiingjamesdagamer4738 2 жыл бұрын

Love ur vids

@andy-og7sv 2 жыл бұрын

brilliant

@sudosuraj 2 жыл бұрын

That was good

@ikhmalfahmi9308 2 жыл бұрын

Yayyyyy ctfs!!!!!!

@evanhadi6395 2 жыл бұрын

u are awsome

@koukiadem 2 жыл бұрын

Can you please tell us why it didn't work with curl or browser? And why it's working only python?

@comdeyoverflow2414 2 жыл бұрын

I am first command. Holy YES!

@vaisakhkm783 2 жыл бұрын

Me first to reply you and second to comment 😏

@nizarel-marzouki9076 2 жыл бұрын

Me second to replay and third comment

@johny_dope5361 2 жыл бұрын

@@nizarel-marzouki9076 me third to reply and 4th to comment :)

@deanvangreunen6457 2 жыл бұрын

5th. baby!!!

@thatsilentguy2483 2 жыл бұрын

You may be first to command but not to comment

@faizaanilyas 2 жыл бұрын

What happened to the dark web series?

@safwanljd 2 жыл бұрын

The reason it didn't work in the browser/curl was because you were using && instead of ; && runs the second command only if the first command ran successfully ; runs the second command regardless of the first command And since the first command is `date ''` which returns an error, the second command never ran!

@_JohnHammond 2 жыл бұрын

?format='; whoami # still fails in the browser. The command would run `date +''`, which doesn't error, and returns an error code of 0 indicating it succeeded. It just has an empty string for a format string :)

@AwesomeLazyNinja 2 жыл бұрын

@@_JohnHammond I believe the reason it does not work in browser is because # is never sent to the server as it is the "fragment identifier". However, URL encoding it to %23 might have worked IMO :) Thank you for great video as always!