And wait for bad things to happen
Jul 04, 2021
·
6 min readBypass SSRF filters using domain redirection and abusing Python PDB
Oct 15, 2022
·
9 min readSecret starts with analyzing web source to recover a secret token from older …
Sep 28, 2022
·
12 min readBountyHunter features a website that is vulnerable to XXE attack. Exploiting it …
Nov 22, 2021
·
7 min readSSTI in Nunjucks and SUID capability on Perl
Nov 07, 2021
·
10 min readAntique is one of the machines listed in the HTB printer exploitation track. It …
Oct 20, 2021
·
10 min readDynstr imitates a company that offers a Dynamic DNS service. The provided API …
Oct 18, 2021
·
12 min readCap starts by identifying an IDOR vulnerability on its hosted website. Using …
Oct 14, 2021
·
6 min readAs a medium difficulty box, Pit from Hack The Box has an interesting enumeration …
Oct 13, 2021
·
15 min readSecond-order SQL injection
Sep 24, 2021
·
6 min readSSTI in Golang, abuse S3 bucket, and NGINX backdoor
Sep 12, 2021
·
15 min readExploiting the backdoor planted in PHP 8.1-dev
Aug 28, 2021
·
4 min readActually, I hide it
Aug 18, 2021
·
2 min readAbusing JWT key identifier and breaking out of a Docker container
Aug 07, 2021
·
10 min readDeserialization attack on YAML and reversing web assembly
Aug 06, 2021
·
9 min readCode execution with path traversal
Aug 06, 2021
·
9 min readTIL: The staff group allows you to override binaries' executable paths.
Aug 06, 2021
·
5 min readPwning Drupal 7 CMS with Drupalgeddon and abusing Snap with malicious snap package
Jul 26, 2021
·
10 min readHands on with ShellShock vulnerability
Jul 13, 2021
·
4 min readInitial setup for starting boot2root by me
Jul 09, 2021
·
7 min readA ctf for beginners, can you root me?
Jul 02, 2021
·
3 min readGetting password from automatic login script of ChromeOS
Jun 26, 2021
·
10 min readThis is a machine that allows you to practise web app hacking and privilege escalation
Jun 18, 2021
·
5 min readMy small cheat sheet for forensics and incident response on Linux systems
Jun 16, 2021
·
2 min readFriendly PHP insecure deserialization attack and race condition
Jun 14, 2021
·
11 min readExploiting exploitation tools and command injection in a log file
Jun 14, 2021
·
8 min readAlfa starts with enumeration on FTP to obtain a username and an image file which …
Jun 13, 2021
·
10 min readMake smooth font rendering in Firefox
Jun 06, 2021
·
1 min readDC-9 from VulnHub features a website that is vulnerable to SQL injection.
I’m …
Jun 02, 2021
·
9 min readDC-6 starts off by enumerating usernames from a WordPress website and use a …
May 30, 2021
·
8 min readLearning about backdoor techniques and how to deal with them
May 25, 2021
·
9 min readExploiting a logic flaw called TicketTrick
May 25, 2021
·
9 min readTurns SSRF to remote code execution and escape from a Docker container
May 15, 2021
·
9 min readExploiting an insecure deserialization on Jackson library and how to mitigate it
May 09, 2021
·
9 min readSeven times seven is equal to SSTI
May 08, 2021
·
8 min readUSBCreator LPE on Linux
May 07, 2021
·
9 min readExample of a phishing attack and PyPI package exploitation
Apr 28, 2021
·
10 min readAbusing Tomcat manager-script roles and escalate to root with LXC container
Apr 26, 2021
·
7 min readPentesting against simulated AWS S3 Bucket
Apr 24, 2021
·
14 min readLFI to RCE on GitLab 12.8.1~12.9.0
Apr 17, 2021
·
11 min readSQLi for login bypass and embed webshell to an image file
Apr 09, 2021
·
6 min readExploiting OpenNetAdmin vulnerability and sudo nano
Apr 02, 2021
·
6 min read