Guessing vs. Not Knowing in Hacking and CTFs

Channel:

Subscribers:

920,000

Published on October 18, 2020 7:18:10 PM ● Video Link: https://www.youtube.com/watch?v=L1RvK1443Yw

Duration: 11:31

60,273 views

5,007

I really hate it when I have to guess stuff. This applies to CTFs, but also to my real-world work in penetration testing. It is incredibly frustrating to bruteforce or guess something, that could just be read in the source code. I much rather focus on technical details, tricks and techniques.

Try the XSS challenge: https://hacking.app/xss/xss_chall1.html#welcome

Failed DOM Clobbering Research part 1/2: https://www.youtube.com/watch?v=dZXaQKEE3A8
Chaining Script Gadgets to Full XSS part 2/2: https://www.youtube.com/watch?v=UGtrpXk6QVU

00:00 - Introduction
00:37 - Steganography in CTF
01:38 - Dirbuster & Asset Discovery
02:21 - XSS Example (see description)
02:53 - Global Variables in JavaScript
03:21 - The window.name Variable
03:55 - Is this Guessing?
04:20 - Example Solution Walkthrough
06:00 - Benefits of this Challenge
07:20 - The Importance of Scanning
08:19 - Scanning vs. Reading Code
08:57 - Improve Steganography Challenges
10:22 - Summary
11:10 - Outro

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Other Videos By LiveOverflow

2021-02-14	How CPUs Access Hardware - Another SerenityOS Exploit
2021-02-05	Does Hacking Require Programming Skills?
2021-01-22	Reading Kernel Source Code - Analysis of an Exploit
2021-01-10	Kernel Root Exploit via a ptrace() and execve() Race Condition
2020-12-24	IT Security Career Advice
2020-12-01	My Life in Short/Shirt Stories - The Time I Learned PenSpinning (~2007-2009) - Shirt Stories #1
2020-11-26	Solving Nintendo HireMe!!! with "Basic" Math
2020-11-19	Nintendo Hire me!!!!!!!!
2020-11-07	How Hacking Actually Looks Like - ALLES! CTF Team in Real Time
2020-10-26	What is a File Format?
2020-10-18	Guessing vs. Not Knowing in Hacking and CTFs
2020-10-08	Chaining Script Gadgets to Full XSS - All The Little Things 2/2 (web) Google CTF 2020
2020-09-28	Failed DOM Clobbering Research - All The Little Things 1/2 (web) Google CTF 2020
2020-09-18	XSS on the Wrong Domain T_T - Tech Support (web) Google CTF 2020
2020-09-09	XSS a Paste Service - Pasteurize (web) Google CTF 2020
2020-09-01	Why Hackers Love the Number 1,094,795,585
2020-08-25	FPGA simulated on a GPU - GPURTL Google CTF Finals 2019 (reversing)
2020-08-21	Winners of Google Capture-The-Flag Finals 2019 🏳️
2020-08-16	Defusing a Bomb at Google London HQ - Having a Blast Google CTF Finals 2019 (hardware)
2020-08-12	Google CTF Finals 2019!
2020-08-08	Bug Hunter Talks & Init.G for Student - Escal8 2019 Day 2

Tags:

Live Overflow

liveoverflow

hacking tutorial

how to hack

exploit tutorial

guessing

bug bounty

ctf

capture the flag

knowing

bag of tricks

hacking techniques

window.name

XSS challenge

steganography

bugbounty

whitebox

blackbox

scanning

dirbuster