hacker0x01 / hacker101 Goto Github PK
View Code? Open in Web Editor NEWSource code for Hacker101.com - a free online web and mobile security class.
Home Page: https://www.hacker101.com
License: Other
Source code for Hacker101.com - a free online web and mobile security class.
Home Page: https://www.hacker101.com
License: Other
The video is not playing properly
Your last commit broke all the .md links in the general README file. Can you please revert that change, for simplicity? π
Hi and thank you for all you share here!! thats a lot of work and you make it well!!!
We can read the coursework will be deprecated on the 1st October in favor of the CTF but can you release the source code in this github for those who want to make them locally, or just want to review the code for trainning our skill in code analysis??
Thanks
Error while running 'bundle install' in directory.
Originally posted by @hackgod512 in #76 (comment)
I'd appreciate if you could upload the slides somewhere, so I can read at my own pace.
Thanks!
I'd like to suggest changing the Coursework style to be on CTF formats which allows players to achieve something by making real world exploitation for the discovered vulnerabilities.
Need to decide on a license for the videos, course materials, etc.
The description and contents list the order of topics as "SQL injection (, blind SQLi) , directory traversal, and command injection" but the order covered in the video is "directory traversal, command injection, SQL injection, blind SQLi". Changing the order of the description and contents to be inline with the video order will help users understand the concepts and search within the video for specific sections.
Add this under vulnerabilities.
you are swallowing the words,,it not clear thought
thankyou
I was watching the introduction video and when I finished, I wanted to go to the next video but I couldn't because there wasn't "next video" button. So a next video button would be appropriate.
Great website though
Hi! Thanks for this content!
I just noticed that the "sign up now" link in the "get started" section of this page: https://ctf.hacker101.com/howtoplay points to stay on that page (/howtoplay), instead of pointing to the "sign up now" page.
Hope this helps!
I can't access https://www.hackerone.com/hacker101
When i try this coursework : https://levels-a.hacker101.com/levels/0/
i know there is have csrf bug because i didn't see any prevention for csrf like token or something but i donno if i already solve it in correct way
and, i got the reflected xss in the amount parameter that can be send using get/post request : https://levels-a.hacker101.com/levels/0/?to=1&amount=%22%3E%3Cimg%20src=x%20/%3E
but there is no clue or something that indicate i solve the problem
also for the idor i think we could manipulate the id on parameter to
but i confuse what the goal is from the idor, there must be something that indicate we got the vulnerability it will help new comers to learn the idea.
Hi again xD
I start looking the videos and for practicing i look in to coursework but i dont really understand the logic or the link between videos and exercises. It will be better for noobs like me to know something like before level0 it is better to look Videos x,y and z. And give how many vuln we can exploit, i saw a hint in level0 but i dont remember if there is this info.
I dont know if you understand what i want to say lol
However thanks
Video player must have options like full screens and action buttons etc will be really help full
I have made a lot effort to try to visit youtube but failed.
I wonder that will you please provide urls for these videos that i can download and learn them.
Best wishes.
.
Last login: Tue Jan 21 03:35:09 UTC 2020 on pts/2
Linux kali 3.18.31-fly-g22c0ebd-27271-geae3ddb #2 SMP PREEMPT Tue Jul 3 15:03:38 CST 2018 aarch64
The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
[root@kali][]/hacker101]
#cd hacker101
[root@kali][
#ls
404.html README.md assets resourceGen.py update_bootstrap.sh
CNAME _config.yml discord.html resources videos.md
Gemfile _includes favicon.ico resources.md
Gemfile.lock _layouts index.md resources.res
LICENSE _sass playlists sessions
[root@kali][~/hacker101]
#bundle exec jekyll serve
NOTE: Gem::Specification#rubyforge_project= is deprecated with no replacement. It will be removed on or after 2019-12-01.
Gem::Specification#rubyforge_project= called from /usr/share/rubygems-integration/all/specifications/erubis-2.7.0.gemspec:16.
NOTE: Gem::Specification#rubyforge_project= is deprecated with no replacement. It will be removed on or after 2019-12-01.
Gem::Specification#rubyforge_project= called from /usr/share/rubygems-integration/2.5.0/specifications/thin-1.7.2.gemspec:22.
NOTE: Gem::Specification#rubyforge_project= is deprecated with no replacement. It will be removed on or after 2019-12-01.
Gem::Specification#rubyforge_project= called from /usr/share/rubygems-integration/2.5.0/specifications/msgpack-1.1.0.gemspec:19.
NOTE: Gem::Specification#rubyforge_project= is deprecated with no replacement. It will be removed on or after 2019-12-01.
Gem::Specification#rubyforge_project= called from /usr/share/rubygems-integration/2.5.0/specifications/eventmachine-1.0.7.gemspec:21.
Configuration file: /root/hacker101/_config.yml
Source: /root/hacker101
Destination: /root/hacker101/_site
Incremental build: disabled. Enable with --incremental
Generating...
WARNING: The text-hide()
mixin has been deprecated as of v4.1.0. It will be removed entirely in v5.
on line 10 of /root/hacker101/_sass/bootstrap/mixins/_text-hide.scss, in `text-hide'
from line 57 of /root/hacker101/_sass/bootstrap/utilities/_text.scss
from line 14 of /root/hacker101/_sass/bootstrap/_utilities.scss
from line 41 of /root/hacker101/_sass/bootstrap/bootstrap.scss
from line 2 of an unknown file
Conversion error: Jekyll::Converters::Scss encountered an error while converting 'assets/css/style.scss':
Invalid US-ASCII character "\xE2" on line 5
jekyll 3.7.4 | Error: Invalid US-ASCII character "\xE2" on line 5
[][root@kali][~/hacker101]
The current repository description is identical to the name of the repository, this is not very informative when parsing the json reply from a repository search using the github api. I would recommend adding a short meaningful description, for example: "a free class for web security" .
All the videos under sessions are displaying the code for an embedded youtube video, could just have a link to clean up?
Or something like this: https://stackoverflow.com/questions/11804820/embed-a-youtube-video
Is this the same request as #32 ?
https://levels-a.hacker101.com/static/report0.txt is pointing to Affected Assets: http://h101levels.appspot.com/levels/0.
I have some suggestions and requests that have come through to the Support team:
For people that do not have access to the internet, all the time make some of the content available offline or downloadable.
Upload the following videos:
Vulnerabilities Directory Traversal
https://github.com/Hacker0x01/hacker101/blob/master/vulnerabilities/directory_traversal.md
Vulnerabilities Padding Oracle
https://github.com/Hacker0x01/hacker101/blob/master/vulnerabilities/padding_oracle.md
Vulnerabilities Reflected Cross-Site Scripting (XSS)
https://github.com/Hacker0x01/hacker101/blob/master/vulnerabilities/reflected_xss.md
Vulnerabilities Stored Cross-Site Scripting (XSS)
https://github.com/Hacker0x01/hacker101/blob/master/vulnerabilities/stored_xss.md
Vulnerabilities Stream Cipher Key Reuse
https://github.com/Hacker0x01/hacker101/blob/master/vulnerabilities/stream_reuse.md
Add a section about recon and basic methodology for recon.
Add a section for resource material for reading.
In this application, there are a lot problems:
These issues can be solved by:
Web hacking has an invalid URL at line caaf944#diff-e91595e36e5cb525639dc041dd5fff53c2b0efc7ecff4c8431f4909af61d83b9R25 made by commit caaf944 which right now says:
https://github.com/Hacker0x01/hacker101/blob/master/'playlists/web_hacking
Instead of:
https://github.com/Hacker0x01/hacker101/blob/master/playlists/web_hacking
The SQL injection video suggests that ORM's completely mitigate sql injection. This statement should probably be modified as in it's current form the information is misleading.
Links are giving a 404 because of the missing .md extension.
Example:
https://github.com/Hacker0x01/hacker101/blob/master/sessions/clickjacking
It should be:
https://github.com/Hacker0x01/hacker101/blob/master/sessions/clickjacking.md
https://github.com/Hacker0x01/hacker101/blob/master/sessions/introduction.md im not sure if this is deliberate
First who wants to join takes the permission of other like the admin and me to admit in hackerone as a new member.
need more example thanks
???????
There is no solutions to course work.
It would be great if you would open source the coursework, so you can review the code, add suggestions and host it locally. The site where the coursework is hosted, is every slow - throttled?
The mother explains her sons name is ... Robert'); DROP TABLE Students;--
The 3 slides later, the Example PHP's sql statement reads students with a lower case.
The very next slide indicates that Bobby's name inside the query would result "SELECT age, grade, teacher from students WHERE (name='Robert'); DROP TABLE Students;--') "
I believe this sql would not do anything unless there exists both a Students and students table
Yeah
On the video "File Upload Bugs" the slide titled "Separate Domains" on minute 2:30 says: "...files uploaded by users should be hosted on a separate domain." However, the narrator specifies "...should NOT be hosted..."
Thought you should know :)
xss was easy, but i cant solve the others.
where can i see solution/hints?
Add SSRF
How to Detect And its Exploitation With A DEMO Lab.
Add rce, subdomain takeover
Thanks for looking at these suggestions.
Bb
Add this topic in injection criteria.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. πππ
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google β€οΈ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.