OpenkeyS was a fun, straightforward, medium-rated machine on HTB
HTB BUFF Writeup

Buff is rated as an “Easy” Windows machine on HackTheBox. Related to CVEs, webshells, file transfers, and SSH tunnel port forwarding. Enumeration: nmap -sC -sV 10.10.10.198 Only one port, 8080, is open, and it is associated with HTTP. We can see a website hosted there with a login page on index.php. Firstly I […]
C|EH Practical Review and Guide

This post is all about my approach to C|EH Practical. What is C|EH Practical? C|EH Practical is a six-hour, rigorous exam that requires you to demonstrate the application of ethical hacking techniques such as threat vector identification, network scanning, OS detection, vulnerability analysis, system hacking, web app hacking, etc. in order to solve security audit […]
Local file read via XSS using PDF generate functionality

Hello InfoSec elites, I’m going to share a story about how I escalated a low-severity bug into a critical one. I was taking a look at different functionalities of one of the programs and it had a Collab feature where we can make notes and share with others. There was an option to export […]
CTF Lab

What is CTF? CTF (Capture the Flag) is a kind of competition that challenges participants with tasks ranging from the basics of hacking to working your way into web servers. Usually the flag is a piece of text hidden somewhere on the web server or concealed inside a file. The goal is to find […]
HTB Mango Writeup

Mango is a good Linux-based machine for improving your enumeration skills; you might learn some new things from it. Enumeration: nmap -sC -sV 10.10.10.162 Opening the host in our browser on port 80, we are presented with a 403 Forbidden error, so we tried opening the host on 443 and got this. Now this […]
Road to Recon with EchoPwn.sh

This is a recon tool which allows you to discover the subdomains used by a target web application on both client and server side. Afterwards, it runs dirsearch on the resulting text file. It can also scan for open ports using Nmap and find hidden parameters on every live host. Summary: Hello everyone, in this […]
iOS Testing Lab Setup Guide – Part I

This post is about iOS lab setup. In it you will learn how to jailbreak an iPhone and start pentesting.
HTB Traceback Writeup

Enumeration: nmap -sC -sV 10.10.10.181 Here ports 22 and 80 are open, but we can’t see anything here because both are on their latest version. Checking the host in our browser: “This site has been owned I have left a backdoor for all the net. FREE INTERNETZZZ - Xh4H -” This might be a hint; let’s go to the […]