Guys, I need a bit of help. Is the TJ Null playlist of IppSec good for OSCP prep? I have done various VulnHub OSCP-level machines. Any other good playlist for OSCP?
So unlucky haha, I started this as my first box yesterday, reached the secure crypt part, and when I was just about to resume the challenge today I saw it was retired. Anyway, great content as always. Thanks.
I think it's hilarious how you easily explain super difficult things, but then your mind explodes explaining a simple concept such as MOD :) good job though, great box.
I don't understand the directory traversal part. He puts /../ before the .py code, but the /../ means he's going back a directory when he needs to go forth to the develop directory. How does that work?? Does /../ mean any directory in this case??
The SuperSecureServer script is outside of DocRoot; there just happens to be a copy of it in DOCROOT/devel. Watch again the part where I explain how Python web apps normally work.
IppSec, you should start using ffuf, it's very stable and fast :D Also, I used bandit (the Python vulnerability analyzer) for the SuperSecureServer.py. Made my life a lot easier!
Because bounties are generally low (or unpredictable) pay compared to traditional employment and dealing with people can be a pain. I view bug bounties as a way for companies to get free/cheap work and don’t really want to support them. It’s definitely nice to be able to report something when you come across it, but I’m not going to go out of my way to help a company on a promise.
11:46 - "It's probably because it started with the hashtag" Owch Ipp - Just owch. "I run calculator and... I get a shell" Sounds like your average exploit PoC :p With the new flag system you can actually cat the flag - No need to worry about character counting it :)
Hey, your videos are very awesome. I saw your videos, but some points I didn't get, because I am a beginner and I have started learning pentesting. Please give me a suggestion on where to start, because it's very hard to understand all things.