
Part 2 Package Dependency Confusion Vulnerability | Advance Bug Bounty Tutorials | Hindi  

Spin The Hack

In this video we are going to learn how to find Package Dependency Confusion Vulnerability. These are found in NPM, PIP and other packages. I will teach you how to find Package.json vulnerability. This is part 12 of the video where we will see how to take over the package.
Tools used in the video:
Code Used for Index.js: pastebin.com/raw/EHWyE8zb
🔴 ** ABOUT THE CHANNEL **
At Spin The Hack I document my career and teach you what I learn with the easiest explanation.
Spin The Hack is one of the leading Indian educational enterprises aimed at helping people learn and understand cybersecurity in a better and simpler way.
At Spin The Hack, we serve the best possible Cybersecurity and Penetration Testing content through our website and RU-vid Channel, and help students grasp all the concepts that matter and are related to the field.
‼This channel focuses only on education and doesn't promote anything that is unethical. On this channel, I explore the field of Cybersecurity so that it helps the audience to learn and earn at the same time.
🌟Penetration Testing Videos in Hindi
🌟Bug Bounty Hunting Videos in Hindi
🌟Tips and Tricks related to Cybersecurity in Hindi
🌟Forensics Coverage and Tutorials in Hindi
🌟 Useful Cybersecurity News in Hindi
________________________________________
For Business Inquiry-: contact@spinthehack.in
________________________________________
🔴STOP: Before Starting This video, Keep in mind that this video is just for Educational purposes and nothing illegal is promoted here. We, along with RU-vid, are not responsible for any kind of action taken by you using this video.🔴

Published: 30 Sep 2022

Comments: 64
@SpinTheHack 1 year ago
First you need to set up npm, so install npm with apt install npm, then type npm login and enter the username and password which you used to create your account on the npmjs website.
@vivaanvivaan3920 1 year ago
Great, knowledgeable video, sir... I got to learn something new... please bring more videos like this to the channel, sir.
@parshantkumar2455 1 year ago
Please don't stop making these education videos because we love your way of teaching
@DrGamer666 1 year ago
Your video made me so curious about supply chain attacks that I did an in-depth study and later it also helped me in doing the case study about SolarWinds hack. This series is a treasure, thank you ❤
@asuraindra 1 year ago
exactly
@sparkhar7041 1 year ago
Great video sir, keep it up, we are with you 🔥🔥🔥
@aatankbadboy3941 2 months ago
Love you bro, keep uploading 🎉❤❤
@jbond5614 1 year ago
Great explanation bro.
@BotAmi 1 year ago
I love Spin The Hack, bro ❤❤
@AR001-28 1 year ago
Awesome, brother. Thank you for your effort ❤️☺️
@hacker-lp7ug 1 year ago
great work bro
@eraedith696 1 year ago
All good👍
@swagat5468 1 year ago
Thanks for this video, bro...❤️
@mdiftikharmahmud246 1 year ago
Brother, keep going, we are with you
@jod_jod 1 year ago
Thank you, bro...❤️
@vickyrajwade8665 1 year ago
crystal clear 👌👌👌👌❤❤
@ashiqurrahman275 1 year ago
best explanation, love from Bangladesh
@h4s4n_ma 1 year ago
Good job🔥
@dishant_singh4556 1 year ago
Awesome video
@Kalia_nullbit 1 year ago
Thanks!
@Dhruv-te6dy 1 year ago
thanks for this video
@aravindmenon12 1 year ago
superrr
@mvv175 1 year ago
Thanks, bro
@shivshivam1634 1 year ago
🔥🔥🔥🔥
@gunjanvishwakarma382 1 year ago
👍👍💯💯
@hiphopbanglarduniya7135 1 year ago
After watching this video I found a package dependency vulnerability on one govt site
@0xdefensive 1 year ago
Which terminal or theme are you using, and which type of shell?
@RamKumar-oq8ov 1 year ago
Thanks
@SpinTheHack 1 year ago
Welcome
@sushmithas504 1 year ago
Is your Advance Bug Bounty course in English?
@souravkumar961 1 year ago
What do we have to do after this?
@sayim0x 1 year ago
Great explanation. But my question is: if we successfully take over the npm package, we still have to wait for the target machine to update. If the target machine updates, then we can get RCE. Without the target machine updating, we can't do anything. Here is my question: if I can take over a private dependency, can I report it? Because to try for RCE we have to wait for the target machine to update.
@AR001-28 1 year ago
Brother, is "preinstall" present in private packages too?
@vinaygupta5619 1 year ago
Your content is just mind-blowing. 🔥🔥🔥 Can you please suggest how I can monitor the dark web using open source tools? Which tools are available for dark web monitoring?
@nerajjha2875 1 year ago
Sir, please, what if they don't upgrade their package? How will we validate this bug?
@rafael322able 1 year ago
Where do I see the output after execution?
@fairflay9189 1 year ago
When is the OSINT training coming?
@AR001-28 1 year ago
Brother, doesn't dependency confusion normally come under system ambiguity?
@shareemnaveen5798 1 year ago
So bro, how do we get RCE from this... I mean, we uploaded it... now who knows when the machine will update... And the Burp link is use-and-throw too, and you can't reuse the old one... How will we find out, and how will the PoC be made?
@souravchakraborty3872 1 year ago
Bro, this can happen on WordPress too, right?
@souravchakraborty3872 1 year ago
@MR SHERI HACKER what would the steps for that be?
@aryan_shorts812 1 year ago
Brother, you said YouTube doesn't allow hacking videos, which is why you put them on the website, and that you pay its maintenance charge by taking fees. So why are the cloud security videos on the website? Make a free playlist on YouTube. They won't be banned.
@mehulverma9496 1 year ago
I want to correct a mistake, sir: you specified preinstall : index.js; instead of this we should have written preinstall : node index.js to run the script
@savageboi1058 1 year ago
Thanks for this, bro... but I have one confusion: the Burp Collaborator link that was put in will expire, right? So can we put * in its place? Please reply
@UsamaAli-kr2cw 1 year ago
@savageboi1058 Hey bro, if the code selected the attacker host on the basis of a regex, the hit would go to every person who has Collaborator open.😂😂😂😂
@UsamaAli-kr2cw 1 year ago
@savageboi1058 Use your own VPS instead of Burp Collaborator.
@pranshushakya2106 1 year ago
This will not work. Reason: you made the version number of the package 1.0.0, which is the first version of the package, so the system will not update to the published package. Make the version number large, then it will work
@Xpl0itme921 1 year ago
I reported the same vulnerability and all were closed as N/A 🙄🥺
@mehulverma9496 1 year ago
You should first wait for a pingback on your interactsh or collaborator
@Xpl0itme921 1 year ago
@mehulverma9496 Did you get any? If you did, let me know, bro 🥹🥹
@mehulverma9496 1 year ago
@Xpl0itme921 I got one today
@Xpl0itme921 1 year ago
@mehulverma9496 On which platform, HackerOne or Bugcrowd?
@mehulverma9496 1 year ago
@Xpl0itme921 Hackerone
@moinkhokhar1897 1 year ago
Bro, 5 of my RCE reports got rejected via this same method. The company says "we don't know this, you installed the wrong package, how is it our fault", even though on their system I am running root commands, whoami and some others, and they run, and it is happening from their PC too. In 5 minutes my package has been downloaded 400 times, and still the company does not accept it 🤣🤣🤣🤣🤣
@Xpl0itme921 1 year ago
Same here, but one program did give me a bounty
@nerajjha2875 1 year ago
Guys, I want to say that I am happy today; I got a bounty on the same bug today, but I never got arrogant about it
@Xpl0itme921 1 year ago
@nerajjha2875 How much bounty did you get?
@itinsider22 1 year ago
@Xpl0itme921 How much bounty did they give??
@asuraindra 1 year ago
From Package Dependency Confusion, upcoming methods and a lot more to go on one station @SpinTheHack, and the way of teaching will change your perspective to see through things ♥ RTT Case-Study was really something!! Really enjoyed and learned lots of things during the SolarWinds Case-Study!!