Youtube

Hacking Websites With A Zip File (Zip Slip)

Youtube



Video Summary and Keypoints

Short Summary

The video discusses the testing and exploitation of file upload vulnerabilities, specifically focusing on a vulnerability known as “zip slip.” The presenter elaborates on how this vulnerability can be exploited to replace files on a server by leveraging path traversal within zip files.

Key Points

  • Importance of testing file uploads for vulnerabilities.
  • File types like zip, docx, and PowerPoint allow for various attacks post-upload.
  • Introduction to the “zip slip” vulnerability, which allows overwriting files in different directories.
  • Demonstration of creating a proof of concept (POC) using Python and chat GPT.
  • Explanation of how to name files to take advantage of path traversal.
  • How to use Sneak to scan projects for vulnerabilities, including zip slip.
  • Real-world application of exploiting a zip slip vulnerability during a penetration test.
  • Discussion of alternative methods to exploit vulnerabilities beyond zip slip.
  • Encouragement for viewers to engage with the content and provide feedback.
  • Conclusion and invitation to the audience to like and subscribe for more content.

Youtube Video: https://www.youtube.com/watch?v=4sKlbMiGWAw
Youtube Channel: NahamSec
Video Published: 2024-09-30T13:00:05+00:00

Video Description:
Check out Snyk , πŸ‘‰πŸΌ snyk.co/nahamsec
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! πŸ‘

πŸ“š If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training
πŸ’» If you want to practice some of my free labs and challenges: https://app.hackinghub.io

πŸ’΅ FREE $200 DigitalOcean Credit:
https://m.do.co/c/3236319b9d0b

πŸ”— LINKS:
πŸ“– MY FAVORITE BOOKS:
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities -https://amzn.to/3Re8Pa2
Hacking APIs: Breaking Web Application Programming Interfaces – https://amzn.to/45g4bOr
Black Hat GraphQL: Attacking Next Generation APIs – https://amzn.to/455F9l3

🍿 WATCH NEXT:
If I Started Bug Bounty Hunting in 2024, I’d Do this – https://youtu.be/z6O6McIDYhU
2023 How to Bug Bounty – https://youtu.be/FDeuOhE5MhU
Bug Bounty Hunting Full Time – https://youtu.be/watch?v=ukb79vAgRiY
Hacking An Online Casino – https://youtu.be/watch?v=2eIDxVrk4a8
WebApp Pentesting/Hacking Roadmap – https://youtu.be/watch?v=doFo0I_KU0o

MY OTHER SOCIALS:
🌍 My website – https://www.nahamsec.com/
πŸ‘¨β€πŸ’» My free labs – https://app.hackinghub.io/
🐦 Twitter – https://twitter.com/NahamSec
πŸ“Έ Instagram – https://instagram.com/NahamSec
πŸ‘¨β€πŸ’» Linkedin – https://www.linkedin.com/in/nahamsec/

WHO AM I?
If we haven’t met before, hey πŸ‘‹! I’m Ben, most people online know me online as NahamSec. I’m a hacker turned content creator. Through my videos on this channel, I share my experience as a top hacker and bug bounty hunter to help you become a better and more efficient hacker.

FYI: Some of the links I have in the description are affiliate links that I get a a percentage from.

#cybersecurity #hacking #bugbounty

Tags: EXPLOIT, VULNERABILITY, HUNTING, full, LEARN, PENETRATION