This article is a walkthrough for Empire LupinOne vulnerable machine. You can download this from vulnhub. The vulnerable machine is full of fuzzing and escalation of privileges by exploiting Python libraries with SUID being setup.
Last month, On December 09 2021, The release of a Remote Code Execution POC over twitter involving exploitation of Apache’s log4j2 logging class took everyone’s peace away. The attack was pretty simple and the fact
Insecure code management is when part of the code exposes sensitive information which shouldn’t be exposed to the world. Now it can happen in a lot of situation where the API keys/Passwords are hard-coded and
LevelupCTF is a seven flag CTF. It contains vulnerabilities from information disclosures to Remote Code execution. Each flag provides hints towards the next flag. The CTF consists of wide range of challenges which provides great
Hackthebox Grammar is based on the MAC [Message Authentication Code] and how PHP handles the MAC strings also called as typejuggling. PHP tries to evaluate the MAC based on the starting strings, if it is
Hackthebox: I know Mag1k is based on Oracle padding attack. Padding Oracle is based on decryption of the cipher text based on existing cipher information. Padding Oracle allows you to decrypt the encrypted code.Moreover, we
XSS stands for Cross-Site Scripting, which is one of the attacks type on the Websites. In this article, I will be using https://xss-game.appspot.com to demonstrate how you can check for XSS bugs in different input