Yes 😀

Yes

Yeh. We are waityn

Yes and also process to reqch there

YES YESYESYES

Would you help show the installation of the bricks web app. I have installed it and tried to run it but I receive an error saying there is an error in line 9 in the config.php file.

@@retro4848 oh god, sure:)

tryhackme and hack thebox u probally found it now

where do you live?

Thats why we gotta hash passwords??

@@damegaye3051 No. You hash them because if the database is getting hacked, the hackers only got hashed pw instead of plaintext pws. You can crack them with the help of rainbowtables but it needs to be in there to do so.

Maybe I get you wrong but I think what you say isn't working. Instead of base64 them (which means they would decrypted and executed aswell) you should use something like "mysql_real_escape_string" and for security reasons and cleancode aswell you shul typehint them. So, if you are working with GET and POSTS from whereever (even in Cookies, which can be manipulated easily) you should do something like $myGetter = (int) $_GET['myGetter'];

@@timmytainment i cracked a hash some time ago, and the password was 1233abcd.. lol

Use prepared statement, hash and salt the password.

there is an answer for your complain under your comment, lmao. " Thank you so much Loi! Your info is extremely valuable for beginners who are trying to make their websites slightly more secure. " It is not about hacking the system, but for teaching beginners to understand what technologies are used to hack, so we beginners can prevent them.

the thing to bring out is some sites developed by devs that didn’t aware it. and you were the customer of that site who inputted the cred info 😂

@@altayyerassyl3213 I understand your response now that you commented it 18 hours ago. I agree with you that this information is extremely valuable for beginners, and I actually did the full PortSwigger Labs course on SQL injection myself. However, my comment was written more than a year ago, and back then the video was called “How to scan and PWN any website”. It was NOT called “SQL injection for beginners”. Therefore, I excepted this video to be much more advanced and cover advanced topics applicable to modern times. You can see a lot of comments very similar to mine in that regard. I guess that’s why the author eventually renamed the video from click-bait crap to something useful.

@@kostiaperegudaplop just used sql injection to hit moveit and the US defense lmao, now it doesn’t look dumb does it 😊

@@strang7739 in general such vulnerabilities are discover by tools, not by people, moreover, specific vulnerabilities like injection vulnerabilities are discovered mostly using white-box analysis, which operates on the source code. It is very rare that black box analysis alone can discover such specific vulnerabilities. Therefore, most of the vulnerabilities are published by the software manufacturers themselves, together with updates fixing those vulnerabilities. However, the hacker gangs try to perform what is known as a zero-day exploit. They target users of the software, who has not updated immediately, and thus hack them using publicly known vulnerability. This is exactly what clop has done. Clop used publicly available exploit to hack into organizations who have not updated the software. 90% of security breaches are actually exploiting already known vulnerabilities and publicly available exploits of the older versions of the software and are happening because users are not updating their software to the newest version. P.s. that’s why you must never disable automatic Windows updates on your PC:)

Sus

@@rcsxuth8594 idc

@@JohnRobertPotter u were like : omg..>! i think im in love with you!

@@rcsxuth8594 yep

@@JohnRobertPotter nope sus still if u say idc then u sussy baka and if u try to cheat the system u gay af fr

@@callimero2731 There is no need for teamwork lol. SQL injections are plain and simple, either via the list of SQL queries or centralized injection systems that sprout these attacks. This is not movies lol, when hackers work with each other and say: "I'm in!", hahaa. It is usually one perpetrator. Nowadays, due to many services offering DDOS protection, it is more likely to get hit by MTM (man in the middle attacks) that abuses the communication between two users by altering the message or stealing ID_key from either valid communicators and then communicate with 1 of them instead. Though true, DDOS attacks are **sometimes** performed in groups due to sheer overload needed to crash a desired service. Usually, perpetrators turn to bot networks or service injections that use foreign/unauthorized access to vast amounts of computers. Then, they use them to send the payload to the certain service's address. However, due to the filtering systems used nowadays by packet management systems in our devices...it is hardly possible to do anything decent without proxies.

@@Guide4Ever Thank you, it was just my opinion

@@callimero2731 who tf is using sqli for ddos?

u can extract data from website that us vulnerable to this exploit.

Next to the subscribe button, there is a join button. You have to pay for it

Devs are gods in earth

Yeah, now all modern languages have build-in escaping or ORMs. This vulnerability dead from ~2007.

@@AngelVlad100 super agree

@@AngelVlad100 haha lol ...sql injection is still no 3

@@satishm223 I know, but I didn't see any actual public website with such vulnerability for the last 10 years.

Don’t fool anyone, you’re going to become a hacker!

@@Hephasto no harm on that , how are we gonn improve our security if there is no one to hack it 😜😜

@@hamzajon8823 if there was no hackers there would be no need to secure anything, does it make sense?

@@Hephasto and so millions of jobs would be gone

@Jonathan Dahan The part of your statement "without needing to know what's going on behind the scenes" is the part I am concerned with. I will also add if everything is so secure why the need for PEN testing in the first place? I get the fact that majority of the vulnerability's are cause by the end user. You would think people who head up IT security would be more aware of the simple stuff.

@Jonathan Dahan It would be safe to say then that pen-testers will always be needed to some extend in the industry for the foreseeable future? As with everything computer related I just state don't download anything from an unknown source. Keep software up to date and use anti virus. And the biggest one I constantly say back up your data!

Ye chaca idhar bhi☹️☹️☹️☹️

Online manual is a good place to start

Wat do u mean. Hope u dont mean that, Thats a virus!!!

@@francesgisondi7216 Hope I don't mean what?

what programming languages did u use to make the game ? and are u self taught ? or went to school to learn? if so what online free resources did u use to learn all that. Thanks :)

@@slicker1260 Nobody have the same route towards being a good developer, I tell u what try youtube, coursera, udemy, udacity and just see what suits you, also learn and APPLY don't just learn.

​@@ahmedbahaj8786 the learn and apply part is some of the best advice you couldve offered, i took a programming class back in the day, and after i was done with the class i didnt really do anything with the knowledge i gained, so i forgot a decent amount of what i was taught. had to go to another programming course to make sure i was job ready haha.