picoCTF 2022 Write-up (Web Exploitation)

Hi everyone! This post is a write-up of the web exploitation challenges from picoCTF 2022, which was held from 16th March 2022 to 30th Mar 2022. It covers the basics of analyzing client-side source code, path traversal, robots.txt, modifying cookies, directory fuzzing, and SQL injection. Let’s get started! 1. Includes Below shows the main page of the […]

HackTheBox – Previse Write-up

Hi everyone! Today’s post is on Previse, an easy HackTheBox Linux machine. This machine was released on 8 August 2021. In this machine, a URL redirect with status 302 is exploited to leak the actual web page without logging in, exploiting unsanitized POST data passed to PHP’s exec() on the server, extracting user password from one-liner MySQL […]

How to get started with hacking?

Hi everyone! Today’s post answers a question very commonly asked by people on social media and in YouTube comments. So if you are one of those wondering, I hope these guidelines will help you get started. Disclaimer: The purpose of this post is to help others get into ethical hacking. […]

HackTheBox – LoveTok Write-up

Dear readers, today’s post is on LoveTok, a web challenge in HackTheBox. The challenge was created on 13th February 2021. It is an addslashes() sanitization bypass challenge, so read on if you are interested! Files provided There are a number of files provided as well as the Dockerfile to set up the server. You may […]