EWEBSITE()
HackTheBox - Machines Soccer
Date: 15/08/2023
Log in using the default credentials admin: admin@123 from https://github.com/prasathmani/tinyfilemanager, upload a simple PHP reverse shell and get a shell as www-data...
hacking
hackthebox
javascript
machines
nginx
privesc
sqli
web
websockets
Reading Time: 1 minute
protected
HackTheBox - Challenges EasterBunny
Date: 07/08/2023
This post is password protected, description is not available
cache
challenges
hacking
hackthebox
varnish
web
Reading Time: 2 minutes
protected
HackTheBox - Challenges No-Threshold
Date: 09/12/2023
This post is password protected, description is not available
bruteforce
bypass
challenges
hacking
hackthebox
haproxy
rate_limiting
sqli
web
Reading Time: 1 minute
HackTheBox - Challenges Breaking Grad
Date: 01/11/2023
A file that particularly stands out is...
challenges
hacking
hackthebox
inheritance
javascript
nodejs
prototype_pollution
web
Reading Time: 2 minutes
HackTheBox - Challenges WS-Todo
Date: 30/11/2023
The functionality is very simple, you can either get or add todos...
challenges
hacking
hackthebox
javascript
ssrf
web
websockets
xss
Reading Time: 3 minutes
protected
HackTheBox - Challenges ApacheBlaze
Date: 01/11/2023
This post is password protected, description is not available
apache
challenges
hacking
hackthebox
http_smuggling
web
Reading Time: 2 minutes
protected
HackTheBox - Challenges Prying Eyes
Date: 10/12/2023
This post is password protected, description is not available
CVE-2022-44268
challenges
hacking
hackthebox
imagemagick
web
Reading Time: 2 minutes
HackTheBox - Challenges Saturn
Date: 03/11/2023
A very simple Flask app is all this challenge is. We can immediately spot a kind of SSRF-as-a-service vulnerability. And the flag is retrieved by /secret if the request is coming from localhost. OK, then what prevents us from using the SSRF to request /secret, get the flag and get done with it?...
bypass
challenges
dns
dns_rebinding
hacking
hackthebox
ssrf
web
Reading Time: 4 minutes
My Android Pentesting Setup
Date: 31/05/2024
Initialize waydroid and allow it to download the latest Lineage OS SDK + GAPPS (Google services)...
android
hacking
mobile
sslpininng_bypass
Reading Time: 3 minutes
CCSC 2022
Date: 17/05/2022
year I couldn't make it into the top 10. This year though I wanted to change that! Read until the end to see what happened....
2022
android
ccsc
crypto
ctfs
forensics
hacking
misc
pwn
reverse
web
Reading Time: 9 minutes
Wizer CTF 2024 All Challenges
Date: 08/02/2024
Last week I was able to participate in a wonderful CTF organized over at Wizer. This CTF consisted of 6 web challenges of varying difficulty, where participants were challenged to a Blitz speed-hacking competition of who can solve the most in 6 hours, with very generous prizes for the top 3....
2024
bypass
ctfs
dns
dns_rebinding
hacking
js2py
jwt
nginx
path_traversal
serviceworkers
ssrf
web
wizerctf
Reading Time: 22 minutes
N00bz CTF 2024 writeups
Date: 05/08/2024
Above we can see a small program that asks the user to calculate answers of adding two random numbers. The user is asked to choose the number of questions he wants to answer and is awarded with the respective number of characters of the flag. However since there is an exponential delay due to pow(2,i), the classical approach of an automated solver would take too long. The smart thing to do here is to use the negative indexing feature of...
2024
ctfs
hacking
misc
n00bz
path_traversal
programming
pwn
write_primitive
zip_slipping
Reading Time: 9 minutes
CCSC 2023 Forgotten Classes
Date: 16/07/2023
This is an old API for a classroom application that is no longer used due to the AI takeover. Inside information states the API is still available and is connected to the AI's internal infrastructure. Can you hack it and read any hidden secrets on the root / path of the server?...
2023
ccsc
class_pollution
ctfs
flask
hacking
inheritance
jwt
python
web
Reading Time: 5 minutes
CCSC 2023 Secret Prompt
Date: 21/07/2023
We believe the machines came up with their own mechanism to keep humans out. Deceive the machines. Make them believe you are one of them and retrieve...
2023
ccsc
ctfs
hacking
javascript
magic
web
weird
Reading Time: 4 minutes
CCSC 2023 Shellhunting
Date: 21/07/2023
One of the generals of the AI-sponsored government left his house unlocked while he was going to the beach. Ava spotted the powered on computer, and managed to intercept the traffic from an unknown application....
2023
angr
assembly
ccsc
ctfs
hacking
rc4
reverse
wireshark
Reading Time: 5 minutes