I’ve always been no trailing slash guy, but now I am thinking going to be always tailing slash guy

wow that was fun to watch, i honestly didn't know about that nginx misconfig. uhhh time to go recheck all of my configs coz thats pretty scary

Damn man... Its so awesome to watch you do this.. Keep it up

John… lovely work as always dude! Cheers! [checks path mods]

Wow John your amazing!! Thank you for all the amazing how-tos! I’m curious how long did this take you to do? Your real time, keep it up. God bless.

its mind blowing to see so many chrome tabs open at the same time🤣

I had no idea what was going on until the last few moments. No idea what Capture the Flag had to do with Laravel. But you're actually playing Capture the Flag. Interesting.

Hi John, just need some knowledge that I am trying to figuring out recently, currently I am fiddling around with Java, and interesting thing I found about it was that Windows 10 does not check for Code Sigining of a Jar file but if I deploy a simple hello world written in C/C++, exe file on a different computer it detects it as a malacious file and does not let user to run it. What are the edge cases that will prevent someone from writting a Java based virus or a ransomware to go undetected by a security endpoint given the fact writing obfuscate code to prevent behavioural analysis by security.

Thanks so much Amazing content ^^

FYI, Azure VMs are not "pingable", Microsoft for some reason removed this feature from Azure VMs

Interesting, any other / exploits we should know about to path our systems?

Thank you so much 🥰🥰🥰

great wholesom video

Hey John, can you do Etituber? I'm curious about the XXE payload...

A small clarification - the .env file is gitignored because different environments uses different .env values, and to keep this away from source control, but not because we want to exclude/hide it from a production environment. Of course, there are also other ways to set environment variables in a production runtime.

Hey John. I wonder if i can solve these challenges after the ctf is over ?. I want to practice on my own

👏🏻👏🏻👏🏻 Awesome!

Amazingg videoo !!

nice one

I am not super familiar with command line: what does "cat /tmp/f | sh -1 2>&1" actually do? Thanks John, your videos are really awesome!

What's the cookies plugins, John?

❤️

What version of Xubuntu does the VM have?

could you access the .env file? *EDIT* lol I was way too impatient.

Laravel 😍😍😍

That ngix misconfig is scary

That was hot

Can you do a video of Pegasus spyware how it works and how to protect from it

kuuuurwa

Sir, I want to build a booking website using php, html and css. If I don't learn javascript is it possible to make it

I am posting all the information of identity thefts scammers as I am building myself to be unstoppable success of my own

Hey John, I notice that you always solve more web challenge in HTB Business CTF. I think that your channel root is reversing or crypto. Can i know the reason?😊

What about simply reading /assets../.env? If that doesn't work, because we are speaking of php developers, there is always at least one route that can be easily forced into a 500 to get the debug screen and read the entire configuration from there.

Test CVE-2021-36934 Serious SAM and Hive-Nightmare

I will no longer sleep at night.

When you get access to .env you have access to the db name user + password I think you could just try that for to ssh to the server

I'm sry, I found you a few weeks ago, and love the content, but I just have to say it. God: 'how many frackles do you want" John: "yes" XD love you! Keep it up!

Bottomline: deny ANY file/directory starting with a dot from being accessed publicly.

Pog? Pog? Being early-ish?

Sir please give your picoCTF class code

all it took was a simply missing '/'

I didnt know seth rogan had a twin brother who is a hacker

you do not need to close the `?>` in php files

Need firebase exploit

Why are you using old version of Ubuntu