first. thx ippsec for all you do. your videos were a big help to my learning. I just finished oscp and am doing htb cpts now
@sitandstand5469
Жыл бұрын
Is there any bufferoverflow on the exam?
@ianmusyoka9717
Жыл бұрын
Am starting oscp in a month... How was the exam if it's okay to ask did you pass?
@ejnixon
Жыл бұрын
@@ianmusyoka9717 i did pass
@ejnixon
Жыл бұрын
@@sitandstand5469 there can be . best to be prepared for anything in course material
@joewharton7735
Жыл бұрын
Surprised nobody said this yet but congrats on the pass. Oscp is big 👌👏
@TidyDawg
Жыл бұрын
It's incredibly inspiring how knowledgeable and calculated you are, thanks for another awesome walkthrough. I'm aiming for OSCP in October next year so my plan is to work through your videos taking notes and then try the boxes the next day to see if I can complete them, I'm studying on the side also.
@yudistiraarya7435
Жыл бұрын
great video as always!
@fufu_btw
Жыл бұрын
One of the greatest box I rooted on HTB ! 😀 Still a great video from ippsec 😉
@rdx8122
Жыл бұрын
Nothing is 100% secure, everything and every service on the internet is vulnerable from some or the other vulnerability, but its just our white hat's attack that lacks perfection somewhere, and this thing is proved by our sir 😂❤✌16:59
@FMisi
Жыл бұрын
I enjoyed rooting this box. Forgot seems interesting too
@SomeGuyInSandy
Жыл бұрын
I learned something, thanks :)
@xking18
Жыл бұрын
Use blame functionality of the git hub to find the exact commit that changed the line
@joewharton7735
Жыл бұрын
Nice tip. Cheers
@frontpage11111
Жыл бұрын
great done
@UmairAli
Жыл бұрын
I have a question about SQL injection, can we use any statement other than "select" ? I mean for Example you found a sql injection but what if the select keyword is not allowed for the current user? can we not inject the website using insert into etc?
@ippsec
Жыл бұрын
Your injecting into a select statement to begin with. Could search Ippsec.rocks for sql inject update to see it there.
@AUBCodeII
Жыл бұрын
Yes, you can. You can train this on the box CAP from HackingClub
@UmairAli
Жыл бұрын
@@ippsec please do clear this to me as a developer, if I am using mysqli_query(); function and write this: mysqli_query("select * from products where product_cat_id=1"); and when as an attacker I am injecting the parameter id=1, so this means ofcourse we are injecting into a select statement, like you're doing at 14:40, but on 14:40 , you wrote "select group_concat" means here you used the select keyword, so my question was that can we use any other keyword instead of select? like insert into () ? or update() ? this I asked because I wanted to know that is it possible that we can update or insert data using these keywords ,after breaking the query ?
@UmairAli
Жыл бұрын
@@AUBCodeII link please :)
@ippsec
Жыл бұрын
@@UmairAli No. Within a union statement you are limited to select.
Пікірлер: 23