BugCrowd’s LevelupCTF 0x07 walkthrough

LevelupCTF is a seven-flag CTF. It contains vulnerabilities ranging from information disclosure to remote code execution. Each flag provides hints towards the next flag. The CTF consists of a wide range of challenges, which also makes it a great learning exercise. Below are the vulnerabilities and their impacts that I have found: Sensitive Data Exposure – P4 Broken

Hackthebox Freelancer walkthrough

Hackthebox Freelancer is based on SQL injection. This CTF is pretty straightforward and teaches the use of the SQLMap tool. Here is my way to get the flag from this CTF: The website is built with Bootstrap and PHP. I checked the contact form but couldn’t find anything. I was thinking at first of

Hackthebox: Grammar Walkthrough

Hackthebox Grammar is based on the MAC [Message Authentication Code] and how PHP handles MAC strings, also known as type juggling. PHP tries to evaluate the MAC based on its leading characters: if they form a valid number, that value is used; otherwise the value will be 0. https://www.php.net/manual/en/language.types.type-juggling.php https://www.owasp.org/images/6/6b/PHPMagicTricks-TypeJuggling.pdf Let’s get to the walkthrough: Once

Hackthebox: IknowMag1k Walkthrough

Hackthebox: I know Mag1k is based on the padding oracle attack. A padding oracle attack recovers the plaintext of a ciphertext using only the information the decryption routine leaks about it. It allows you to decrypt the ciphertext; moreover, you can also encrypt arbitrary data without knowing the encryption key. This can lead to access to sensitive information. Let’s start

Cross-Site Scripting (XSS) – The Bug Bounty Guide

XSS stands for Cross-Site Scripting, which is one type of attack on websites. In this article, I will be using https://xss-game.appspot.com to demonstrate how you can check for XSS bugs in different input parameters. They provide a wonderful platform where you can do exercises on how XSS works. Level – 1: The first

HackTheBox Node:1 Vulnhub CTF Walkthrough

Node CTF is available at: https://www.vulnhub.com/entry/node-1,252/ This vulnerable machine, Node, is based on newer technologies and how they can be attacked. It uses a Node.js Express server, JSON and Hadoop. There are many ways to hack into the machine; here is my way. Let’s dive into the machine: If you are having problems with setting

OVERTHEWIRE NATAS SERIES: 24 – 25 LEVEL Walkthrough

Overthewire Natas Level 25 is based on a vulnerability in the strcmp() function. Generally, strcmp() is used to compare two strings. We need to trigger some kind of error here so we can obtain the password for the next level. The code for the level is here: So, I tried a lot of ways to generate an error