Finding the password from the next level of #nebula wargame in the TCP stream by using Wireshark.
#exploitdev
https://telegra.ph/Nebula-08-09-20
#exploitdev
https://telegra.ph/Nebula-08-09-20
Telegraph
Nebula - 08
> Source code There is no source code available for this level. > Getting the flag The .pcap file is in the flag08 folder, let’s download it to the main machine and analyze it with Wireshark. One of the ways could be spawning a SimpleHTTPServer on the machine:…
In this #nebula challenge, we will analyze and exploit the vulnerable PHP code wrapped around in a C SUID binary.
#exploitdev
https://telegra.ph/Nebula-09-09-20
#exploitdev
https://telegra.ph/Nebula-09-09-20
Telegraph
Nebula - 09
> Source code <?php function spam($email) { $email = preg_replace("/\./", " dot ", $email); $email = preg_replace("/@/", " AT ", $email); return $email; } function markup($filename, $use_me) { $contents = file_get_contents($filename); $contents…
So PortSwigger (folks who made Burp Suite and Web Academy) finally decided to make their own #cert. It costs $99, but if you will purchase it before Dec 15th they reimburse the whole amount. That could kill the eWPT 🤔
https://portswigger.net/web-security/certification
https://portswigger.net/web-security/certification
This again. I had to postpone all other activities to make it fly… I really doubt that I’ll take any other eLearnSecurity #cert, what a shame
Exploiting a Race Condition vulnerability in the level 10 of #nebula!
p.s. it's a halfway through the series, so I've changed the pic to kinda celebrate that.
#exploitdev
https://telegra.ph/Nebula---10-11-03
p.s. it's a halfway through the series, so I've changed the pic to kinda celebrate that.
#exploitdev
https://telegra.ph/Nebula---10-11-03
Telegraph
Nebula - 10
> Source code #include <stdlib.h> #include <unistd.h> #include <sys/types.h> #include <stdio.h> #include <fcntl.h> #include <errno.h> #include <sys/socket.h> #include <netinet/in.h> #include <string.h> int main(int argc, char **argv) { char *file; char *host;…
Damn, this level of #nebula took way more time than it should. I hate fixing bugs in old projects...
#exploitdev
https://telegra.ph/Nebula---11-11-11
#exploitdev
https://telegra.ph/Nebula---11-11-11
Telegraph
Nebula - 11
Alright, first thing first - this level is broken. Let's admit it - Nebula is a pretty old project, and it seems abandoned now. Anyhow, challenges itself are quite nice, they are twisted in a way that force you to think as an attacker. In my opinion, this…
Phew, that was a long waiting game, but I'm finally eWPT certified!
I documented my journey here:
https://telegra.ph/eWPT-review-10-15
#cert #web #review
I documented my journey here:
https://telegra.ph/eWPT-review-10-15
#cert #web #review
Telegraph
eWPT review
> Table of Content Introduction About the eWPT course Expectations Before taking the course Lab time The exam Closing thoughts Useful resources > Introduction Some time ago I passed the OSCP, and that wasn't a breeze. You can reed more on that here. I promised…
Hello local nodes,
Today, I'd like to start another series that I'll try to push in parallels with #nebula. I was doing the #Web Security Academy from PortSwigger for quite some time, so I thought why not to write everything down and post it here?
Without a further ado, check this out:
https://telegra.ph/Authentication-bypass-via-OAuth-implicit-flow-11-17
Today, I'd like to start another series that I'll try to push in parallels with #nebula. I was doing the #Web Security Academy from PortSwigger for quite some time, so I thought why not to write everything down and post it here?
Without a further ado, check this out:
https://telegra.ph/Authentication-bypass-via-OAuth-implicit-flow-11-17
Telegraph
Authentication bypass via OAuth implicit flow
> Objective
As we are growing slowly (thanks for that!) I wonder what would YOU like to see more often?
Anonymous Poll
43%
Content about web security / bug bounty
29%
Binary exploitation / low level stuff
29%
Writeups for HackTheBox/TryHackMe machines
29%
Other (let me know in the comments)
An easy level of #nebula for today's post. Exploiting a basic OS command injection via Lua binary.
#exploitdev
https://telegra.ph/Nebula---12-11-24
#exploitdev
https://telegra.ph/Nebula---12-11-24
Telegraph
Nebula - 12
> Source code local socket = require("socket") local server = assert(socket.bind("127.0.0.1", 50001)) function hash(password) prog = io.popen("echo "..password.." | sha1sum", "r") data = prog:read("*all") prog:close() data = string.sub(data, 1, 40) return…
A basic example of the SQL injection in another blogpost about #web exploitation.
https://telegra.ph/SQL-injection-vulnerability-in-WHERE-clause-allowing-retrieval-of-hidden-data-11-25
https://telegra.ph/SQL-injection-vulnerability-in-WHERE-clause-allowing-retrieval-of-hidden-data-11-25
Telegraph
SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
> Objective This lab contains an SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out an SQL query like the following: SELECT * FROM products WHERE category = 'Gifts' AND released = 1 To…
Hacking For Ramen
So PortSwigger (folks who made Burp Suite and Web Academy) finally decided to make their own #cert. It costs $99, but if you will purchase it before Dec 15th they reimburse the whole amount. That could kill the eWPT 🤔 https://portswigger.net/web-security/certification
By the way! It's just 8 Euros due to Black Friday right now.
Hello hackers,
It is CyberMonday, so today and only today you can get all my writeups for FREE!
Hurry up, tomorrow the price will return to the original $0!
It is CyberMonday, so today and only today you can get all my writeups for FREE!
Hurry up, tomorrow the price will return to the original $0!
Continuing to drill into the #Web Security Academy. Another blog post about SQL injections:
https://telegra.ph/SQL-injection-vulnerability-allowing-login-bypass-11-29
https://telegra.ph/SQL-injection-vulnerability-allowing-login-bypass-11-29
Telegraph
SQL injection vulnerability allowing login bypass
> Objective This lab contains an SQL injection vulnerability in the login function. To solve the lab, perform an SQL injection attack that logs in to the application as the administrator user. > Solving the challenge In this challenge, we will work with the…
This year's Humble Hacking Bundle is here! It's getting better in better every year, I like that.
Check it out, some dang good #books about hacking
https://www.humblebundle.com/books/hacking-by-no-starch-press-books
Check it out, some dang good #books about hacking
https://www.humblebundle.com/books/hacking-by-no-starch-press-books
Humble Bundle
Humble Book Bundle: Hacking by No Starch Press
Pay what you want to think like a hacker with this ebook bundle from No Starch Press.