Short Summary
The video discusses a hands-on approach to exploiting Remote Code Execution (RCE) vulnerabilities in a target server. The presenter shares their experience of overcoming data exfiltration challenges, detailing various techniques to extract information even in blind RCE scenarios.
Key Points
- Introduction to Remote Code Execution (RCE) vulnerabilities and their implications.
- Collaboration with another hacker to analyze a specific vulnerable application.
- Initial struggles with data exfiltration due to lack of verbose output and HTTP/DNS capabilities.
- Explanation of different methods to exploit RCE, including:
  - Using `curl` to send commands to a personal server for data retrieval.
  - Utilizing DNS lookups to exfiltrate data when HTTP is disabled.
  - Implementing the `sleep` command combined with an if-statement to infer data character by character.
- Demonstration of using tools like Burp Suite or Caido to automate data extraction processes.
- Encouragement for viewers to engage by sharing additional exploits or methods not covered in the video.
- Recognition and thanks to collaborative partners for their support in the project.
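From the defender's side, the three channels listed above (an HTTP callback with `curl`, a DNS lookup, and `sleep`-based timing) typically show up as the web application's service account starting a helper process. The Python below is an added example, not code from the video; the account names, the binary-to-channel mapping and the sample events are assumptions constructed for illustration.

```python
import re
import shlex

# Assumptions for this example: web service accounts and per-channel binaries.
WEB_USERS = {"www-data", "nginx", "apache"}
SHELLS = {"sh", "bash", "dash"}
CHANNEL_BY_BINARY = {
    "curl": "http-callback", "wget": "http-callback",
    "nslookup": "dns-lookup", "dig": "dns-lookup", "host": "dns-lookup",
    "sleep": "timing",
}

def channels(cmdline):
    """Return the channels suggested by the commands in one command line."""
    found = set()
    # Split on shell separators so chained commands are each inspected.
    for part in re.split(r"[;&|`]|\$\(", cmdline):
        try:
            tokens = shlex.split(part)
        except ValueError:  # unbalanced quote after splitting: plain split
            tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].rsplit("/", 1)[-1]
        if name in SHELLS and "-c" in tokens[:-1]:
            found |= channels(tokens[tokens.index("-c") + 1])  # script of "sh -c"
        elif name in CHANNEL_BY_BINARY:
            found.add(CHANNEL_BY_BINARY[name])
    return found

def detect(events):
    """Return (timestamp, user, channel, cmdline) alerts for web accounts."""
    alerts = []
    for ts, user, cmdline in events:
        if user in WEB_USERS:
            alerts += [(ts, user, ch, cmdline) for ch in sorted(channels(cmdline))]
    return alerts

# Constructed process-execution events: (timestamp, user, command line).
SAMPLE_EVENTS = [
    (100.0, "www-data", "sh -c 'ping -c 1 10.0.0.5; sleep 5'"),
    (101.0, "www-data", "/usr/bin/curl http://203.0.113.10/"),
    (102.0, "www-data", "nslookup probe.lab.example.test"),
    (103.0, "www-data", "convert in.png out.jpg"),
    (104.0, "deploy", "curl https://example.test/release.tgz"),
]

if __name__ == "__main__":
    print(*detect(SAMPLE_EVENTS), sep="\n")
```

Feed it events from whatever process-execution telemetry the host already produces; the `deploy` line shows why the rule keys on the service account rather than on the binary alone.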
YouTube Video: https://www.youtube.com/watch?v=Mt32ZHP4790
YouTube Channel: NahamSec
Video Published: 2024-10-07T13:00:27+00:00
Video Description:
WHO AM I?
If we haven’t met before, hey 👋! I’m Ben, most people online know me as NahamSec. I’m a hacker turned content creator. Through my videos on this channel, I share my experience as a top hacker and bug bounty hunter to help you become a better and more efficient hacker.
FYI: Some of the links I have in the description are affiliate links that I get a percentage from.