Author: Jo

  • Walkthrough for Vulnhub : Pylington

    This article is a walkthrough for the Pylington virtual machine. The machine is based on getting the root flag; I did it by bypassing the Python sandbox environment and escalating privileges via the SUID bit. I have worked with VMware throughout this walkthrough. You can run the machines in VirtualBox or any other environment you are comfortable with. Make…

  • How to setup your own Basic Telemetry Lab with Cisco XR

    In this article, we will be talking about setting up a basic lab for testing telemetry on a Cisco NC55XX router. Telemetry: “tele” means remote and “metry” means metrics or measurements; together, the word simply means collecting data/measurements remotely on a server. Telemetry is usually a PUSH model, meaning the client will push data…

  • Ease in Automation: Convert Router Output to Json Format

    In this article we will be talking about converting the output from Cisco XR into a JSON file for further use or automation. The following code can be used and can be redesigned to work with several other commands and outputs in other variants of Cisco XE, XR, etc., as well as other vendors' devices.…

  • Hacker101 CTF walkthrough Micro-CMS v1 and v2

    Hacker101 CTF is based on Web, Crypto and Android platforms. The challenges are good for beginners; some of the basics are covered through these CTFs. I will be discussing “A little something to get you started”, “Micro-CMS v1” and “Micro-CMS v2” in this post. Check out my post on Bugcrowd’s CTF writeup here: http://www.anonhack.in/2020/08/bugcrowds-levelupctf-0x07-walkthrough/…

  • BugCrowd’s LevelupCTF 0x07 walkthrough

    LevelupCTF is a seven-flag CTF. It contains vulnerabilities ranging from information disclosure to remote code execution. Each flag provides hints towards the next flag. The CTF consists of a wide range of challenges, which provide great learning as well. Below are the vulnerabilities and their impacts that I have found: Sensitive Data Exposure – P4 Broken…

  • Ways to search files in Kali – which, locate and find

    Kali is one of the best operating systems for pentesting and hacking. After BackTrack, this is the only operating system I have used, since, I think, 2015. It has lots of tools and features that will help you from information gathering to maintaining access. This article is about three tools that Kali provides…

  • Hackthebox Freelancer walkthrough

    Hackthebox Freelancer is based on SQL injection. This CTF is pretty straightforward and teaches the use of the SQLMap tool. Here is my way to get the flag from this CTF: The website is made out of Bootstrap and PHP. I checked the contact form but couldn’t find anything. I was thinking at first of…

  • Symfonos 5: CTF Walkthrough

    Symfonos 5 CTF is based on a web application exploit and LDAP information gathering to get to root. This is an easy CTF, but cracking it is good learning. The stuff I have learned is to use ldapsearch and fpm during this CTF. Let’s start the walkthrough! I used Symfonos in VMware.…

  • Hackthebox : Emdee five for life Walkthrough

    Hackthebox: the Emdee five for life challenge is based on Python scripting: how fast a request can be sent and how things can be automated. For this challenge, I had to go through the forum threads on Hackthebox because this challenge is pretty straightforward. You can’t be slow! Let’s begin with the walkthrough: Once you…

  • Hackthebox: Grammar Walkthrough

    Hackthebox Grammar is based on the MAC [Message Authentication Code] and how PHP handles the MAC strings, also called type juggling. PHP tries to evaluate the MAC based on the start of the string: if it is a valid numeric, then it is used; otherwise the value will be 0. https://www.php.net/manual/en/language.types.type-juggling.php https://www.owasp.org/images/6/6b/PHPMagicTricks-TypeJuggling.pdf Let’s get to the walkthrough: Once…

  • Hackthebox: IknowMag1k Walkthrough

    Hackthebox: I know Mag1k is based on the padding oracle attack. Padding oracle is based on decryption of the ciphertext based on existing cipher information. Padding oracle allows you to decrypt the encrypted code. Moreover, we can also encrypt arbitrary code without having the encryption key. This leads to having access to sensitive information. Let’s start…

  • Cross-Site Scripting (XSS) – The Bug Bounty Guide

    XSS stands for Cross-Site Scripting, which is one of the attack types on websites. In this article, I will be using https://xss-game.appspot.com to demonstrate how you can check for XSS bugs in different input parameters. They provide a wonderful platform where you can perform exercises on how XSS works. Level – 1: The first…