Exploiting a Race Condition vulnerability in the level 10 of #nebula!
p.s. it's a halfway through the series, so I've changed the pic to kinda celebrate that.
#exploitdev
https://telegra.ph/Nebula---10-11-03
p.s. it's a halfway through the series, so I've changed the pic to kinda celebrate that.
#exploitdev
https://telegra.ph/Nebula---10-11-03
Telegraph
Nebula - 10
> Source code #include <stdlib.h> #include <unistd.h> #include <sys/types.h> #include <stdio.h> #include <fcntl.h> #include <errno.h> #include <sys/socket.h> #include <netinet/in.h> #include <string.h> int main(int argc, char **argv) { char *file; char *host;…
Damn, this level of #nebula took way more time than it should. I hate fixing bugs in old projects...
#exploitdev
https://telegra.ph/Nebula---11-11-11
#exploitdev
https://telegra.ph/Nebula---11-11-11
Telegraph
Nebula - 11
Alright, first thing first - this level is broken. Let's admit it - Nebula is a pretty old project, and it seems abandoned now. Anyhow, challenges itself are quite nice, they are twisted in a way that force you to think as an attacker. In my opinion, this…
Phew, that was a long waiting game, but I'm finally eWPT certified!
I documented my journey here:
https://telegra.ph/eWPT-review-10-15
#cert #web #review
I documented my journey here:
https://telegra.ph/eWPT-review-10-15
#cert #web #review
Telegraph
eWPT review
> Table of Content Introduction About the eWPT course Expectations Before taking the course Lab time The exam Closing thoughts Useful resources > Introduction Some time ago I passed the OSCP, and that wasn't a breeze. You can reed more on that here. I promised…
Hello local nodes,
Today, I'd like to start another series that I'll try to push in parallels with #nebula. I was doing the #Web Security Academy from PortSwigger for quite some time, so I thought why not to write everything down and post it here?
Without a further ado, check this out:
https://telegra.ph/Authentication-bypass-via-OAuth-implicit-flow-11-17
Today, I'd like to start another series that I'll try to push in parallels with #nebula. I was doing the #Web Security Academy from PortSwigger for quite some time, so I thought why not to write everything down and post it here?
Without a further ado, check this out:
https://telegra.ph/Authentication-bypass-via-OAuth-implicit-flow-11-17
Telegraph
Authentication bypass via OAuth implicit flow
> Objective
As we are growing slowly (thanks for that!) I wonder what would YOU like to see more often?
Anonymous Poll
43%
Content about web security / bug bounty
29%
Binary exploitation / low level stuff
29%
Writeups for HackTheBox/TryHackMe machines
29%
Other (let me know in the comments)
An easy level of #nebula for today's post. Exploiting a basic OS command injection via Lua binary.
#exploitdev
https://telegra.ph/Nebula---12-11-24
#exploitdev
https://telegra.ph/Nebula---12-11-24
Telegraph
Nebula - 12
> Source code local socket = require("socket") local server = assert(socket.bind("127.0.0.1", 50001)) function hash(password) prog = io.popen("echo "..password.." | sha1sum", "r") data = prog:read("*all") prog:close() data = string.sub(data, 1, 40) return…
A basic example of the SQL injection in another blogpost about #web exploitation.
https://telegra.ph/SQL-injection-vulnerability-in-WHERE-clause-allowing-retrieval-of-hidden-data-11-25
https://telegra.ph/SQL-injection-vulnerability-in-WHERE-clause-allowing-retrieval-of-hidden-data-11-25
Telegraph
SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
> Objective This lab contains an SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out an SQL query like the following: SELECT * FROM products WHERE category = 'Gifts' AND released = 1 To…
Hacking For Ramen
So PortSwigger (folks who made Burp Suite and Web Academy) finally decided to make their own #cert. It costs $99, but if you will purchase it before Dec 15th they reimburse the whole amount. That could kill the eWPT 🤔 https://portswigger.net/web-security/certification
By the way! It's just 8 Euros due to Black Friday right now.
Hello hackers,
It is CyberMonday, so today and only today you can get all my writeups for FREE!
Hurry up, tomorrow the price will return to the original $0!
It is CyberMonday, so today and only today you can get all my writeups for FREE!
Hurry up, tomorrow the price will return to the original $0!
Continuing to drill into the #Web Security Academy. Another blog post about SQL injections:
https://telegra.ph/SQL-injection-vulnerability-allowing-login-bypass-11-29
https://telegra.ph/SQL-injection-vulnerability-allowing-login-bypass-11-29
Telegraph
SQL injection vulnerability allowing login bypass
> Objective This lab contains an SQL injection vulnerability in the login function. To solve the lab, perform an SQL injection attack that logs in to the application as the administrator user. > Solving the challenge In this challenge, we will work with the…
This year's Humble Hacking Bundle is here! It's getting better in better every year, I like that.
Check it out, some dang good #books about hacking
https://www.humblebundle.com/books/hacking-by-no-starch-press-books
Check it out, some dang good #books about hacking
https://www.humblebundle.com/books/hacking-by-no-starch-press-books
Humble Bundle
Humble Book Bundle: Hacking by No Starch Press
Pay what you want to think like a hacker with this ebook bundle from No Starch Press.
December is here! What does it mean? Christmas and the new year are coming!
I had an idea to do some sort of hacking advent calendar, maybe a bit similar to THM's Advent of Cyber. Maybe not.
The Idea is to do some challenges every day from December 1st right until Christmas. Or maybe share some goodies with you!
It is going to be fun, that's for sure!
I had an idea to do some sort of hacking advent calendar, maybe a bit similar to THM's Advent of Cyber. Maybe not.
The Idea is to do some challenges every day from December 1st right until Christmas. Or maybe share some goodies with you!
It is going to be fun, that's for sure!
For the second day of the #adventofhacking I'd like to bring up the basic example of the Reflected XSS vulnerability from #Web Security Academy.
https://telegra.ph/Reflected-XSS-into-HTML-context-with-nothing-encoded-12-02
https://telegra.ph/Reflected-XSS-into-HTML-context-with-nothing-encoded-12-02
Telegraph
Reflected XSS into HTML context with nothing encoded
> Objective This lab contains a simple reflected cross-site scripting vulnerability in the search functionality. To solve the lab, perform a cross-site scripting attack that calls the alert function. > Solving the challenge We've got a web page with the search…
For the 3rd day of the #adventofhacking I'd like to talk about basic example of the Stored XSS, as scratched the surface of explaining the XSS vulnerability in general.
#web
https://telegra.ph/Stored-XSS-into-HTML-context-with-nothing-encoded-12-02
#web
https://telegra.ph/Stored-XSS-into-HTML-context-with-nothing-encoded-12-02
Telegraph
Stored XSS into HTML context with nothing encoded
> Objective This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the blog post is viewed. > Solving the challenge For this challenge, we will work…
An example of DOM XSS from #Web Security Academy on today's plate.
Happy #adventofhacking everyone!
https://telegra.ph/DOM-XSS-in-documentwrite-sink-using-source-locationsearch-12-02
Happy #adventofhacking everyone!
https://telegra.ph/DOM-XSS-in-documentwrite-sink-using-source-locationsearch-12-02
Telegraph
DOM XSS in document.write sink using source location.search
> Objective This lab contains a DOM-based cross-site scripting vulnerability in the search query tracking functionality. It uses the JavaScript document.write function, which writes data out to the page. The document.write function is called with data fr…
A good day for some #binaryexploitation challenge, isn't it? Well, any day is a good one during the #adventofhacking!
In this level of #nebula we will debug a simple program with GDB to reveal the access token.
https://telegra.ph/Nebula---13-12-06
In this level of #nebula we will debug a simple program with GDB to reveal the access token.
https://telegra.ph/Nebula---13-12-06
Telegraph
Nebula - 13
> Objective
PortSwigger released the new category of challenges in their #Web Security Academy - file upload.
Let's hook in in today's #adventofhacking article:
https://telegra.ph/Remote-code-execution-via-web-shell-upload-12-08
Let's hook in in today's #adventofhacking article:
https://telegra.ph/Remote-code-execution-via-web-shell-upload-12-08
Telegraph
Remote code execution via web shell upload
> Objective