Is Natas relevant? Can I complete it without really learning php/js (I'm at level 11).
Jaxon Russell
>Can I complete it without really learning php/js
Yes, but I don't understand why "learning" php or js would be a problem. Once you understand the basics of programming then you can use any language as long as you learn the syntax. What's more, if you only care about being a skiddie then you don't have to learn anything at all.
Cooper Richardson
>HTB doing this during my free time at work. Gives me something to do that isn't shitposting for 8 hours
Juan Sanders
I'm sick of HTB and their buggy and kali friendly boxes.
Isaac Rogers
I don't care about being something, I'm having fun solving puzzles, and so far what I'm reading has been self-evident. I was just wondering if there will come a point where I'll need more specific familiarity.
Dylan James
Anyone test OWASP's Juice Shop? It's a fully functional application, built with modern web development tools.
Doing this along with reading the Web Application Hacker's Handbook. Recently finished most of the ctf challenges from hackerone -- shit compared to juice shop. github.com/bkimminich/juice-shop
I've already solved all 1-star challenges (and most 2-star), but cleared my browsing history. Definitely check this shit out if security is of any interest to you. Also here's this: owasp.org/index.php/OWASP_Juice_Shop_Project
I don't think so, most of the things I remember from it were pretty standard vulnerabilities. Having source code to read only happens on the first challenges. Anyway, I only got past the padding oracle, couldn't defeat the perl underground which I think is some kind of crazy filter evasion that could require some kind of specific knowledge.
Fucking hell, I know "modern" web development is a meme but building that shit took longer than building a game engine and used 3gb of RAM for some stupid reason.
Owen Rogers
Where does one find ongoing/upcoming CTF challenges? As a noob I'd like to be able to participate and do my usual googling/learning without immediately getting write-ups and youtube solutions in my results, and the only way that seems to be is when the competition is running since nobody is going to publish a thing during that time period.
Luis Rivera
I just found my first legitimate bug from a site on hackerone.
>writing report
>sorry, we're undergoing maintenance.
>can't submit for shekels
fucking reeeeeee
How much do companies pay out for XSS vulns? I doubt much. Still fucking ecstatic I found something real, instead of the toy websites I've been breaking for the last few months. Also found some client side auth bypass, but I don't think it's good enough to report as a bug. I'm new to *real* shit, so I'm feeling stupid in my description.
Alright, they're up again. Report submitted. Of course there's something that has to be annoying.
>HackerOne needs to confirm it before submitting the report to X
Well, how do I know they're not going to steal my report?
Mason Rogers
Nice, how did you choose the program? Did it take you too much time to find the xss?
Robert Watson
I was initially ignoring programs with large amounts of reports, but I said fuck it, and went for the first one I saw. They had a few domains, so I just clicked one, and got to work.
>Did it take you too much time to find the xss?
No, honestly. Like an hour, maybe a little less. I couldn't believe I actually found something, such a fucking thrill. Hopefully it wasn't already reported, waiting like mine is now.
Aiden Perez
I definitely found another on the same website. I don't know what to call it. I'm afraid to fully test it, I think it may break their server, and I don't want to get sued. *~*
Adrian Morales
Doesn't it have a safe harbor policy? Just make it blow and become a legend.
Brody Jenkins
I already submitted it as potentially dangerous. Kek. It definitely is. Fuck, this shit is addicting.
William Powell
Also, I'm poor as fuck and would just end up in prison for 10 years, forgotten about.
I will remember you, friend, you have achieved more than I will ever achieve.
Kayden Rivera
Not true, user. Thanks for the kind words, though.
Hudson Mitchell
Yes, it's not true. You are not my friend. You will achieve nothing. You will die in agony like every dumb attention whoring anime pedo scum.
Juan Jones
Is everything going well at home, user? Tell us your problems.
Noah Cruz
Things like you is my only problem.
Ian Perez
You don't have to derail the thread just because someone likes something you don't. Stop being childish.
Liam Harris
Sitting in the OSCP labs atm. Blown over 30 boxes apart, still got 2 months of time to go
Nolan Wood
Was it a stored or reflected XSS?
Chase Cook
Haven't done any reversing or exploit dev in months; surrendered my laptop for a couple of years, going to try some farming work. Fuck computers.
William Morgan
>going to try some farming work.
I can't wait to hear about how badly this goes for you
Sebastian Brown
Both, and something else. HackerOne accepted it, now it's off to the company. I would fucking love to get paid for this, but I feel like I'm just going to get "thanks", which would be fucking ridiculous.
I bet they will, and then tell you how it's not good enough to report. That's actually not a bad idea to scam people.
Kayden Ward
Kek, I did this once. But on a much larger scale. Like much much larger. I basically fucked up really bad, and they fucked up really bad for making it possible. As a result, the entire company network became split, whole mpls network went down with one command. I heard through some sources that they were completely inept at fixing it, and it took them a week to re-establish even basic communications. They lost 1.8 million that quarter. I just slowly backed away and threw my computer in a lake.
Dominic James
>tfw no downtime at work
I hate my job
David Reyes
What's the purpose of a warzone? How is it different from a wargame?
Kevin Baker
Yeah, ya know, I understand blackhats now. It was good enough, but marked as "Duplicate". I figured, I found them way too fast. It's fucking retarded that you still don't at least get points or something.