Видео

Hey, some of the techniques used in these videos (e.g. Frida hooking) can be used for SSL cert pinning bypass, check this: infosecwriteups.com/hail-frida-the-universal-ssl-pinning-bypass-for-android-e9e1d733d29

Glad it helped 🙏

@@intigriti I always try to learn from right people .Appreciate

The "field" is indeed the parameter, but since we saw "email" was a valid value for the field parameter, it makes sense that other form fields on the page would also be accepted ("reset_token" in this case).

Thank you!! 💜

How? 🧐

Nice! 👊

Thanks a lot 😊

Caido is still KING for us free users.

🥰🥰🥰

It would be on the filesystem!

Thank you! 😃

👀👀👀

It's been a while since I looked at this challenge but I'm guessing the api_friends function in app.py is most interesting for you.. Let me know if you want to see more! @app.route('/api/friends') def api_friends(): query = request.args.get('q') email = users.find_one({'username': query}, {'email': True, '_id': False}) if email: user = users.find_one({'$where': f'this.email == "{email["email"]}"'}, {'username': True, 'friends': True, '_id': False}) return json.dumps(user) else: return []

👊

😉

Welcome 😊

Awesome! Thanks for the feedback 💜

I guess it could be either, depending on how the game was developed. Maybe those 2 addresses are being populated from another pointer or maybe the game is copying the health value to another address at some stage. This could be a basic anti-cheat protection, e.g. if player changes health, the 2 values will no longer match and the game can take action (restore health to correct value). It's more likely to be a benign reason, e.g. the health is used in some other function, but the value is copied to a new variable during this time. Maybe you can try modifying each value individually, then both at the same time to see what the effect is..

The focus will always be hacking, not cheating 😛 Hopefully we will make more game hacking content in future but unlikely console-focused.. Maybe mobile!

@@intigriti true that but i would really love to see ps4 game hacking cuz it's like cheat engine a bit harder specially with pointer and there is not a lot of videos about it so i guarantee you the views and i asked you because i love how easy you explain things

Hmmm that's the first I heard about the cool boot being required, not too sure on that one. Looks like you can configure in android-studio, e.g. stackoverflow.com/questions/50420374/how-to-cold-boot-emulators-running-api-27-on-android-studio but AFAIK not required

Welcome! 💜

Very nice

Thanks! 💜

Unless you have access to the source code, you don't! You just have to probe for race condition, similar to the other labs.

Good point on the transferring gift cards to a new account!

Keep watching this series until you have the basics down, then maybe the answer to your question will become clear 😉

@@intigriti I know how to make all types of codes already can you suggest videos to watch to speed things up?

Hmmm maybe for this, the cheat engine forum will be most useful, e.g. forum.cheatengine.org/viewtopic.php?t=619282&sid=c0c35f68febf9db304e031a074304df7 You could also check this video, maybe it will help: ruclips.net/video/sx5GHoybGgY/видео.html

@@intigriti Thanks for reply. God Bless 💕✝

No problem! 🥰

Thank you! Glad you like them 💜

I love it. Great speech speed, pronunciation, explenations, non monoton speech, not confusing over jumping from A to B topics or clicking. excelent video presentation, excelent acustic sound and the length is perfect. My personal opinion all videos under 30min are perfect because me as noob has to look min 2x which is around 1-2h of work with practicing, personal notes, thinking,etc to make it easier to remember. Thx your your work ❤

🥰🥰🥰

Let's go!! 👊

Hmm each pointer is just a memory address, which we don't present as floats

The graphql features are built-in to burp suite, they should appear on any requests/responses that are identified as graphql 🙂

If you are using an OS like Kali Linux it is probably pre-installed. Otherwise, try and run "sudo apt-get install exiftool"

Hmmm not too sure, was it definitely created using the RPG Maker?

Thanks! 💜

First, I'd recommend completing the tutorial series and getting the basics down. Maybe you'll have some ideas about how to accomplish your goal along the way. The cheat engine forums are a great education resource for learning about specific hacks/games also!

@@intigriti Thank you brother

Yes, burp suite is free! You can get a paid version but for most people (especially those learning) the free "community" edition will suffice. If you use an OS like Kali Linux or Parrot, burp will be pre-installed. If not, check installation instructions for your OS: portswigger.net/burp/documentation/desktop/getting-started/download-and-install

Can you remind me what it's called in the video? It probably came from github.com/danielmiessler/SecLists

Good luck 🤞🤞🤞 Hope you are learning some new things along the way!

@@intigriti Thanks, I tried other games and it works. Mindustry is kinda unique because once I got the pointer. Next time I reopen the game. Even the pointer change. At least I learned something new.

💜

Noted! 📝

Hey, did you manage to solve it? If not, it might be worth double-checking the steps in the official portswigger solution

Glad it helped!

Hey, you mean the wordlist specified at line 8, e.g. @ 4:45? You should just be able to type in a new value, unless I misunderstood your question? 🤔

Hmmm IIRC the important thing here is that the session ID must be different for each request, but you also need to update with the new CSRF token

@@intigriti Thank you so much, for your quick replay <3 Regarding to the Lab, as you said, I needed to update the other request with the new token, so I've completed the Lab. Thank you so much again.