BugCrowd’s LevelupCTF 0x07 walkthrough

LevelupCTF is a seven-flag CTF. It contains vulnerabilities ranging from information disclosure to remote code execution. Each flag provides hints towards the next flag. The CTF consists of a wide range of challenges, which provide great learning as well. Below are the vulnerabilities and their impacts that I have found: Sensitive Data Exposure – P4 Broken


Symfonos 5: CTF Walkthrough

Symfonos 5 CTF is based on web application exploitation and LDAP information gathering to get to root. This is an easy CTF, but cracking it is good learning. What I have learned during this CTF is to use ldapsearch and fpm. Let’s start the walkthrough! I used Symfonos in VMware.


Hackthebox: Grammar Walkthrough

Hackthebox Grammar is based on the MAC [Message Authentication Code] and how PHP handles MAC strings, a behavior known as type juggling. PHP tries to evaluate the MAC based on the start of the string: if it is a valid numeric value then that value is used, otherwise the value will be 0. See https://www.php.net/manual/en/language.types.type-juggling.php and https://www.owasp.org/images/6/6b/PHPMagicTricks-TypeJuggling.pdf. Let’s get to the walkthrough: Once


Hackthebox: IknowMag1k Walkthrough

Hackthebox: I know Mag1k is based on the padding oracle attack. A padding oracle attack decrypts the ciphertext based on existing cipher information, so it allows you to decrypt the encrypted code. Moreover, we can also encrypt arbitrary code without having the encryption key. This leads to access to sensitive information. Let’s start


Cross-Site Scripting (XSS) – The Bug Bounty Guide

XSS stands for Cross-Site Scripting, which is one of the attack types against websites. In this article, I will be using https://xss-game.appspot.com to demonstrate how you can check for XSS bugs in different input parameters. They provide a wonderful platform where you can perform exercises on how XSS works. Level – 1: The first


Fixing VMware “Fit Guest Now” Feature in Kali-linux: Solved

Recently, while upgrading my virtual machine, I stumbled upon a greyed-out Fit Guest Now option. This is pretty exhausting as it only shows the console window but not the full Guest view. I took the following steps to make vmtools work again so I can get Fit Guest Now again: I uninstalled my VMware tools


Pubg Stuck on Loading Screen and Ping Error Solutions Android

Pubg (PlayerUnknown’s Battlegrounds) is being played worldwide now. So many users is proportional to so many errors. I have been playing Pubg for about a week now and faced the following problems: 1. The selected server may have higher ping. 2. After clicking on Start, the game keeps loading and the player’s arena doesn’t come


HackTheBox Node:1 Vulnhub CTF Walkthrough

Node CTF is available at: https://www.vulnhub.com/entry/node-1,252/ This vulnerable machine, Node, is based on new technologies and how we can hack into them. It uses a Node Express server, JSON and Hadoop. There are many ways to hack into the machine; here is my way. Let’s dive into the machine: If you are having problem with setting


SQL Injection on Base64 Encoded String Parameters

This article is a guide to performing SQL injection on Base64-encoded URL parameters. These parameters are encoded so as to make the site injection proof, but that is a big myth. Recently I came across URLs of this kind: “www.somesite.com/index.php?pid=VkRGRk9WQlJQVDA9”. The pid here, “VkRGRk9WQlJQVDA9”, is nothing but a 4 times encoded base64 string,
