Hackthebox: Grammar Walkthrough
Hackthebox Grammar is based on the MAC (Message Authentication Code) and how PHP handles MAC strings, also known as type juggling. PHP tries to evaluate the MAC based on the starting strings, if it is
"If Nobody sees it, it didn't Happen"
Hackthebox: I know Mag1k is based on a padding oracle attack. A padding oracle attack is based on decrypting the ciphertext using existing cipher information. A padding oracle allows you to decrypt the encrypted code. Moreover, we
XSS stands for Cross-Site Scripting, which is one of the attack types against websites. In this article, I will be using https://xss-game.appspot.com to demonstrate how you can check for XSS bugs in different input
Continue reading: Cross-Site Scripting (XSS) – The Bug Bounty Guide
Node CTF is available at: https://www.vulnhub.com/entry/node-1,252/. The vulnerable machine Node is based on new technologies and how we can hack into them. It uses a Node Express server, JSON and Hadoop. There are many ways to
Overthewire Natas Level 25 – 26 is based on directory traversal. The code has many restrictions because it sanitizes the user input, which makes it harder for us to get the password. Let’s see how
Continue reading: OVERTHEWIRE NATAS SERIES: 25 – 26 LEVEL Walkthrough
Overthewire Natas 25 Level is based on a strcmp() function vulnerability. Generally, strcmp() is used to compare two strings. We need to generate some kind of error here so we can obtain the password for
Continue reading: OVERTHEWIRE NATAS SERIES: 24 – 25 LEVEL Walkthrough
Overthewire Natas level 23 – 24 is also based on PHP GET request parameter tampering. We have to carry out the injection in such a way that it satisfies both conditions of the code.
Continue reading: OVERTHEWIRE NATAS SERIES: 23 – 24 LEVEL Walkthrough
Overthewire Natas level 22 – 23 is the easiest of all levels. We just have to send a GET request as “/?revelio” to reveal the admin password. The code for this level looks like this:
Continue reading: OVERTHEWIRE NATAS SERIES: 22 – 23 LEVEL Walkthrough
Overthewire Natas level 21 – 22 is similar to the last level, but the input values are key and value pairs. All we need to do is inject admin=1 as one of the key->value
Continue reading: OVERTHEWIRE NATAS SERIES: 21 – 22 LEVEL Walkthrough
OVERTHEWIRE NATAS level: 20 – 21 is quite different from all the others that we have completed. The code for this level is pretty hard to understand; it took me a while, but it’s done
Continue reading: OVERTHEWIRE NATAS SERIES: 20 – 21 LEVEL Walkthrough