Command Injection - Lab #1 OS command injection, simple case | Long Version 

Rana Khalil

In this video, we cover Lab #1 in the Command Injection module of the Web Security Academy. This lab contains an OS command injection vulnerability in the product stock checker. The application executes a shell command containing user-supplied product and store IDs, and returns the raw output from the command in its response. To solve the lab, we execute the whoami command to determine the name of the current user.
▬ 🌟 Video Sponsor 🌟 ▬▬▬▬▬▬▬▬▬▬
Purchase the Hacking Fundamentals Bundle: hackersacademy.com/courses/ha... (affiliate link)
▬ ✨ Support Me ✨ ▬▬▬▬▬▬▬▬▬▬
Buy my course: academy.ranakhalil.com/p/web-...
▬ 📖 Contents of this video 📖 ▬▬▬▬▬▬▬▬▬▬
00:00 - Introduction
00:13 - Hackers Academy sponsorship (hackersacademy.com/courses/ha...)
02:05 - Navigation to the exercise
02:37 - Understand the exercise and make notes about what is required to solve it
03:20 - Exploit the lab manually
08:03 - Script the exploit in Python
19:38 - Summary
19:52 - Thank You
▬ 🔗 Links 🔗 ▬▬▬▬▬▬▬▬▬▬
Python script: github.com/rkhal101/Web-Secur...
Notes.txt document: github.com/rkhal101/Web-Secur...
Web Security Academy Exercise Link: portswigger.net/web-security/...
Rana's Twitter account: / rana__khalil
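
The flaw the lab description names (user-supplied IDs placed inside a shell command whose raw output is returned), shown beside a hardened form. This is an added example, not code from the video, the linked script or the lab. The `echo` stand-in for the stock-lookup program, the numeric ID format and the constructed test input are assumptions, and it expects a POSIX shell.

```python
import re
import subprocess

# Assumption: "echo" stands in for the stock-lookup program; the page does not
# show the real command. Requires a POSIX shell and an echo binary on PATH.
LOOKUP = "echo"
# Assumption: product and store IDs are short decimal integers.
ID_RE = re.compile(r"[0-9]{1,6}")


def check_stock_unsafe(product_id: str, store_id: str) -> str:
    """Pattern the lab describes: IDs are pasted into a string a shell parses."""
    cmd = f"{LOOKUP} {product_id} {store_id}"
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout  # raw command output goes straight back to the caller


def check_stock_safe(product_id: str, store_id: str) -> str:
    """Hardened form: allow-list both IDs, then run an argv list with no shell."""
    for name, value in (("product ID", product_id), ("store ID", store_id)):
        if not ID_RE.fullmatch(value):
            raise ValueError(f"{name} must be 1-6 decimal digits")
    done = subprocess.run([LOOKUP, product_id, store_id],
                          capture_output=True, text=True, check=True)
    return done.stdout


if __name__ == "__main__":
    # Constructed input: a store ID carrying a shell separator and a marker command.
    tainted = "1; echo INJECTED"
    print("unsafe:", repr(check_stock_unsafe("1", tainted)))
    try:
        check_stock_safe("1", tainted)
    except ValueError as exc:
        print("safe rejected input:", exc)
    print("safe:", repr(check_stock_safe("1", "2")))
```

The validation and the argv call are independent defenses: the allow-list rejects unexpected input early, and dropping the shell means any metacharacter that did get through would be passed as literal argument text.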

Published: 7 Aug 2024

Comments: 25
@RanaKhalil101 2 years ago
🌟 🌟 This video is sponsored by @Hackers Academy Hacking Fundamentals Bundle! Are you interested in pentesting but don't know where to get started? Check out the courses in this bundle to start learning about the fundamentals for less than $30: hackersacademy.com/courses/hacking-fundamentals/buy?coupon=RANAK 📚📚 Don't want to wait for the weekly release schedule to gain access to all the videos and want to be added to a discord server where you can ask questions? Make sure to sign up to my course: bit.ly/30LWAtE
@user-ev6fj4bt7x 5 months ago
That video finally brought some meaning to the lab! Without real life context, I don't feel labs give me any knowledge, and you've fixed it!
@dukedadson774 1 year ago
wow how i've never heard of you till now ..i saw u on David Bombal's page ..and decided to check u out..u brilliant and I just like the way you script to automate the projects with python..i feel like getting two real life scenario cases in a bundle..God bless you and don't stop..u rock !
@adamhamilton10 1 year ago
Same here seen from David's page already clicked the Subscribe button.
@CyberAbyss007 2 years ago
Thank you! Love your presentation and explanation.
@GilligansTravels 5 months ago
Nice I love the programming part especially !
@josukehigashikata174 8 days ago
this is awesome thank you
@aalekhmotani3877 2 years ago
thank you so much for the great content.
@mohamedghonem6542 2 years ago
Thanks for you . I wish you the best of luck
@steiner254 2 years ago
Interesting
@alirezaghulamsakhi6097 1 year ago
thanks a lot shokran
@acronproject 1 year ago
very good
@css2165 1 year ago
why does this channel not have more subscribers???
@adamhamilton10 1 year ago
It will, all great things take time.
@jay_wright_thats_right 1 year ago
Things don't happen overnight.
@poplu7076 6 months ago
ma'am can you explain why you url encoded only the one half and not the other
@utkarshmishra1928 1 year ago
Hi Rana, Greetings!!! Just wanted to know if the labs provided in your web security academy course require BurpSuite professional or can be solved with BurpSuite community edition only.
@rakeshsareen415 1 year ago
it can be solved with community edition
@Ibn_AL-Naqib 1 year ago
Sister, could you make a video laying out a path for beginners, showing where to start with you in learning web security?
@shaikirfan7012 1 year ago
When we r doing manually we r encoding the command. But why don't you encode the command in the python script??
@leto1449 10 months ago
yes but some website like router websites tend to not respond on the post command but after in another get method
@karthikbt7239 3 months ago
It says command injection successful but output "Not Found" while running the script
@ZohaibHassanAfridi 2 years ago
4 videos are hidden in the playlist
@user-lz2tn7rl4h 1 year ago
in Egypt the 1$ equals 30 from our currency so 30$ equals 900 in our currency which make the course expensive 😦😦
@leto1449 10 months ago
you can find it online or you don't need the course if you don't have money it's made for rich authoritarian bro there is enough info on the internet