Category: Attacking Web Application

  • Prime: 1 – Walkthrough for OSCP Series

    Prime: 1 is a challenging boot2root machine created by Suraj Pandey. It is designed for those who are preparing for the OSCP exam and is a great way to practice your penetration testing skills. In this blog post, I will walk you through the steps I took to root the machine, including: Performing a port…

  • DC-9 Vulnhub Walkthrough – OSCP way

    Recently, my focus turned more towards OSCP and I am thinking of taking the exam. After reading tons of people’s experiences on Reddit, I took some notes on what would be my way of studying for this. It isn’t easy from the looks of it and to win with time, I need a lot of…

  • Empire: LupinOne Walkthrough – Privilege escalation through Python Libs

    This article is a walkthrough for the Empire: LupinOne vulnerable machine. You can download it from VulnHub. The vulnerable machine is full of fuzzing and escalation of privileges by exploiting Python libraries with SUID set up. Let’s look into exploiting this: Requirements: 1. VMware/VirtualBox < This is to run the vulnerable machine. 2. Download LupinOne…

  • Pwned Vulnhub Walkthrough

    The Pwned VulnHub challenge is an easy boot2root machine. One of the key takeaways from this machine is how you can escalate your privileges using Docker. This blog post is about how I exploited this machine and the different tools I used to make that happen. Below are the requirements: You can get…

  • Hacker101 CTF walkthrough Micro-CMS v1 and v2

    Hacker101 CTF is based on Web, Crypto and Android platforms. The challenges are good for beginners; some of the basics are covered through these CTFs. I will be discussing “A little something to get you started”, “Micro-CMS v1” and “Micro-CMS v2” in this post. Check out my post on Bugcrowd’s CTF writeup here: http://www.anonhack.in/2020/08/bugcrowds-levelupctf-0x07-walkthrough/…

  • BugCrowd’s LevelupCTF 0x07 walkthrough

    LevelupCTF is a seven-flag CTF. It contains vulnerabilities from information disclosure to remote code execution. Each flag provides hints towards the next flag. The CTF consists of a wide range of challenges, which provides great learning as well. Below are the vulnerabilities and their impacts that I have found: Sensitive Data Exposure – P4 Broken…

  • Hackthebox Freelancer walkthrough

    Hackthebox Freelancer is based on SQL injection. This CTF is pretty straightforward and teaches you about the SQLMap tool. Here is my way to get the flag from this CTF: The website is built with Bootstrap and PHP. I checked the contact form but couldn’t find anything; I was thinking at first of…

  • Symfonos 5: CTF Walkthrough

    Symfonos 5 CTF is based on web application exploitation and LDAP information gathering to get to root. This is an easy CTF, but cracking it is good learning. What I learned during this CTF is to use ldapsearch and fpm. Let’s start the walkthrough! I used Symfonos in VMware.…

  • Hackthebox : Emdee five for life Walkthrough

    The Hackthebox Emdee five for life challenge is based on Python scripting: how fast a request can be sent and how things can be automated. For this challenge, I had to go through the forum threads on Hackthebox because this challenge is pretty straightforward. You can’t be slow! Let’s begin with the walkthrough: Once you…

  • Hackthebox: Grammar Walkthrough

    Hackthebox Grammar is based on the MAC [Message Authentication Code] and how PHP handles MAC strings, also called type juggling. PHP evaluates the MAC based on the start of the string: if it is a valid numeric, that value is used; otherwise the value will be 0. https://www.php.net/manual/en/language.types.type-juggling.php https://www.owasp.org/images/6/6b/PHPMagicTricks-TypeJuggling.pdf Let’s get to the walkthrough: Once…

  • Cross-Site Scripting (XSS) – The Bug Bounty Guide

    XSS stands for Cross-Site Scripting, which is one type of attack on websites. In this article, I will be using https://xss-game.appspot.com to demonstrate how you can check for XSS bugs in different input parameters. They provide a wonderful platform where you can perform exercises on how XSS works. Level – 1: The first…

  • SQL Injection on Base64 Encoded String Parameters

    This article is a guide to performing SQL injection on Base64-encoded URL parameters. These parameters are encoded so as to make the site injection-proof, but that is a big myth. Recently I came across URLs of this kind: “www.somesite.com/index.php?pid=VkRGRk9WQlJQVDA9”. The pid here is “VkRGRk9WQlJQVDA9”. It is nothing but a 4 times encoded Base64 string,…