Forum Replies Created

Page 1 of 6
  • Christophe

    Administrator
    July 1, 2022 at 3:43 pm

    While all of the prizes have been claimed, please feel free to share your solution below!

  • Christophe

    Administrator
    June 25, 2022 at 9:08 pm

    Hi William, I remember having similar issues when I upgraded to some of the latest VirtualBox versions. I hand’t found a solution and reverted back to a prior version just as a short-term fix

  • Christophe

    Administrator
    January 16, 2022 at 12:37 am

    Hey @techblazes ! Answered in Discord but will also answer here for anyone else wondering.

    Your sample code is vulnerable and does work with certain payloads.

    .innerHTML doesn’t allow for scripts to be executed, so it actually prevents XSS payloads that use script tags (like <script>alert(1)</script>)

    It does not prevent XSS payloads that make use of onload events, like: <img src=x onerror=alert();>

  • Christophe

    Administrator
    January 8, 2022 at 4:47 am

    Hey @amp87 can you provide more info please. Like what commands have you issued that result in this? Can you copy/paste the output?

    More info is needed to help troubleshoot

  • Christophe

    Administrator
    January 8, 2022 at 4:45 am

    Hi @Margarita , this is a really good question. The only long-term answer to this, I think, is practice and repetition. At the end of the day, my courses are designed to help you get started, and then you need to take what you’ve learned and apply it on your own. By doing that, you’ll run into issues and frustrations. Keep working through those, and as you find answers, you’ll not only build confidence, but you’ll also learn so much more!

    If you do plan on sticking in the web application security and/or ethical hacking area, I’d highly recommend that you spend some time learning web development. It’s going to be super helpful when you’re trying to find vulnerabilities, because you’ll understand certain things that you wouldn’t otherwise learn. You’ll also be able to think like a developer, which can be really helpful in finding security bugs.

    I hope this helps clarify, but if not, please let me know and I’ll try a different approach! Thank you also for the great question.

  • Christophe

    Administrator
    January 5, 2022 at 4:27 pm

    I also had some similar issues recently, and I believe it has to do with version mismatches. Thanks for sharing the solution!

  • Christophe

    Administrator
    January 5, 2022 at 4:44 am

    Argh! When I re-uploaded the videos in higher-def, I accidentally paste in the wrong URL and didn’t notice. Please try now @qedpro10 !

    https://cybr.com/courses/cross-site-scripting-xss-the-practical-guide/lessons/beef-hook/

    BeEF hook

  • Christophe

    Administrator
    October 21, 2021 at 7:00 pm

    Personally, I’d recommend that you work on applications that interest you. That’s one of the biggest factors in my consideration, because if it’s an app/project I’m interested in, I’m far more likely to stick to it than not, regardless of large or small scope

  • Christophe

    Administrator
    August 29, 2021 at 3:31 am

    Just wanted to update here that the course is now officially fully uploaded!

    The Practical Guide to sqlmap for SQL Injection

  • Christophe

    Administrator
    August 18, 2021 at 5:05 pm

    Since a hashcat upgrade to v6.0.0+, running hashcat within a virtualized environment is giving errors. The best approach is to not run hashcat inside of Virtual Box or VMWare, and instead, to run it on your host machine. There will be fewer issues with drivers and access to more of your hardware that way.

  • Christophe

    Administrator
    July 19, 2021 at 11:33 pm

    Unfortunately, the recording software we were using stopped working partly through the episode, so Jayson’s audio did not record 🙁

    This was jampacked full of awesome info, so I’m super bummed that this happened. Luckily, those who attended the live recording were able to hear it so it wasn’t a total loss.

    Sorry, will work to make sure that doesn’t happen again!

  • Christophe

    Administrator
    July 19, 2021 at 5:30 pm

    hey! Yes, the course is live and in Early Preview. Early Preview means that a significant portion of the course has been uploaded, and I’ll continue to add content to it every week until it’s complete. So now is the best time to get the course because I discount it while it’s in Early Preview, and you get all updates!

  • Christophe

    Administrator
    June 25, 2022 at 10:44 pm

    Hey, talking about VirtualBox’s version itself. We might be able to further research and see who else is having this issue and if they’ve discovered a fix

  • Christophe

    Administrator
    September 3, 2021 at 3:28 pm

    Fantastic! I can’t wait to see your progress reports and help you push forward. Will definitely be on the lookout for those!

  • Christophe

    Administrator
    July 13, 2021 at 9:58 pm

    Burp, sqlmap, and Commix serve very different purposes. Yes, Burp does have some tooling that can do scans for sqli or OS command injections, but sqlmap is dedicated to finding sqli and Commix is dedicated to finding OS command injections. Those tools were built for very specific purposes instead of trying to do everything under the sun.

    This is a terrible analogy, but my brain is mush right now and I can’t think of a better one: it’s kind of like if you bought a weed eater and asked if you could cut your grass with it. Technically you could, but it’ll take longer and won’t look even or good at all. So instead, you go and get a tool dedicated to the task: a lawnmower. The lawnmower will do a great job of cutting your grass, but it won’t help with your edges or the rest of your yard.

    So oftentimes, you’ll use a proxy tool like Burp or ZAP to thoroughly check out your target, and if you find interesting endpoints that you want to test for sqli, you’ll pull out sqlmap and use the information you’ve proxied from Burp to craft attacks with sqlmap.

Page 1 of 6