Failing easy local file inclusion challenge - mindreader (misc) Google CTF 2017

preview_player
Показать описание
At first I was not able to solve the mindreader challenge and then I got spoiled. I have a critical look at my approach and figured out two major mistakes I made.

-=[ 🔴 Stuff I use ]=-

-=[ ❤️ Support ]=-

-=[ 🐕 Social ]=-

-=[ 📄 P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#CTF #WebSecurity
  1. LiveOverflow
  2. Live Overflow
  3. liveoverflow
  4. hacking tutorial
  5. how to hack
  6. exploit tutorial
Рекомендации по теме
Failing easy local 0:06:50

Failing easy local file inclusion challenge - mindreader (misc) Google CTF 2017

TryHackMe! [Web Vulnerabilities] 0:10:52

TryHackMe! [Web Vulnerabilities] Local File Inclusion

HACKLOG 2x22 - 0:09:54

HACKLOG 2x22 - Attacchi ad Inclusione (Local & Remote File Inclusion)

Local File Inclusion 0:03:24

Local File Inclusion LFI vulnerability on Honor Huawei Website By Shreyas R Gujar.

Remote File Inclusion 0:09:54

Remote File Inclusion Explained and Demonstrated!

How to use 0:07:45

How to use File Inclusion to get Remote Code Execution?

$1500 Bounty : 0:04:31

$1500 Bounty : Local File Inclusion Vulnerability | Manual Exploitation | Bug Bounty POC

Local File Inclusion 0:03:03

Local File Inclusion (LFI) #lfi #ctf #learning

Php vulnerability Local 0:03:19

Php vulnerability Local File inclusion LFI

Local File Inclusion 0:01:19

Local File Inclusion

Local File Inclusion 0:03:01

Local File Inclusion (LFI) | practical | Bug Bounty

Local File Inclusion 0:10:10

Local File Inclusion For Beginners | LFI | TryHackMe | Part 1

Understanding Local File 0:13:12

Understanding Local File Inclusion Vulnerability | TryHackmMe LFI

Reading Secret Files 0:13:13

Reading Secret Files with Local File Inclusion! (Web App Hacking)

Hacker101 - File 0:02:11

Hacker101 - File Inclusion

Zoshell Local File 0:00:11

Zoshell Local File Inclusion (LFI) hackthebox Tabby

PHP Web App 0:05:03

PHP Web App Penetration Testing: From Local File Inclusion (LFI) to Remote Code Execution (RCE)

Web Hacker Basics 0:09:52

Web Hacker Basics 04 (Local and Remote File Inclusion)

How to exploit 0:09:45

How to exploit LFI (Local File Include) vulnerability on webpages.

Local File Inclusion 0:01:54

Local File Inclusion (LFI) Vulnerability with file:///etc/passwd - Bug Bounty PoC

TheHardendedLFI | LFI 0:08:16

TheHardendedLFI | LFI PoC | Local file inclusion vulnerability

LFI Local File 0:09:07

LFI Local File Inclusion

From Local File 0:08:38

From Local File Inclusion to Remote command execution - How to upload a web shell

#57 Local File 0:10:30

#57 Local File Inclusion using google console - ethical hacking

Комментарии
Автор

"Getting stuck / failing is ok -> researching more... -> accidentally learn something, might as well not solve it"

Really good mindset, all challengers should share it 🙂

Creased_
Автор

"That's interesting, but it doesn't give me anything"
Me everytime at CTF challenges

olfmombach
Автор

It is a super critical lesson. This is why I am such a big fan of your channel: It's not only the technical bits that are passed to the viewer, but important tactics, and cultural knowledge, as well.

Ljk
Автор

Thank you for explaining the mistakes rather than editing them out and simply solving the challenge. It provides an additional learning experience.

trevorfacer
Автор

You're by far the most knowledgable YouTuber doing CTF/hacking-related stuff.

xdeadbeefee
Автор

Not kidding: ive seen so many of your videos that sometimes it looks like a friend showing me stuff. Tks a lot

murchmurch
Автор

“Sanity Check” would love to see you try that

rage
Автор

Gynvael Coldwind on the last stream show how to properly solve this task

TechnikZaba
Автор

What exactly was the idea behind choosing and inputting the specific /proc files into the path instead of some other file? In other words, why are these specific files more interesting to look at? Couldn't the answer be in some other random file?

conflagration
Автор

The first things I go for when I find LFI are index.php, index.js and main.py.

michael-gary-scott
Автор

why trying to read from /dev/fd/1(for example) didn't work? i remember a ctf challenge that you could read the flag from a file descriptor after the program opened a file.txt, is there a reason that the request in the video didn't work?

George-pvlq
Автор

How would you suppose to know that if we have a main.py on that server? do we need to fuzz it?
please someone answer, I am curious.

luckythandel
Автор

Some hints might help in case when you think completely wrong, but in this case I think you had it. People should use spoilers for stuff like these :P

theosls
Автор

Did u take notes on the other challenges u did complete

alekescalante
Автор

The question on my mind is... how were you supposed to know that there was a file called main.py in the current directory? Since you can only do file inclusion and not command injection.

idkfkingknowlmao
Автор

Yesterday I was solving a CTF asking me to examine files from the android backup file, I examined the files I recovered down to binary data. Half an hour later I noticed that the flag is written in an image file. Sometimes the answers are simpler than we expected.

ayberkeser
Автор

Awesome one !! Hoping for videos on other challenges soon :D

abiralshrestha
Автор

hi
i have the knowledge of ceh and sans 542 and i know owasp top ten but, real world have a big difference with courses examples
so please tell me where i can gain some good experience that help me in real hacking
i need every resource (book, video, ...)
please this is more than a dream for me its a goal

mohammaddh
Автор

how would you realize the file is main.py? just by trying out things or is there another way?

nlahmi
Автор

You are awesome just like your content, only thing increase the audio make it louder please

sayantandatta