Hi everyone! This write-up is on an easy Linux machine which focused on enumerating the webpage source for backdoor access to login to a webpage, using command injection vulnerability for initial access, and path hijacking via sudo for root privilege. Let’s get started! 1. Nmap enumeration $ IP=10.10.11.182 $ sudo nmap -sC -sV -p- $IP […]
Hi everyone! Today’s write-up is on Paper, an easy Linux machine from HackTheBox. This machine requires us to enumerate the HTTP response header to discover the domain name, enumerate the version of WordPress for a vulnerability, and a specific comment in a post before having the knowledge to exploit the vulnerability to read secret content […]
Hi everyone! This post is on picoCTF 2022 write-up for web exploitation that was held from 16th March 2022 to 30th Mar 2022. It covers the basics of analyzing the client source codes, path traversal, robots.txt, modifying cookies, directory fuzzing, and SQL injection. Let’s get started! 1. Includes Below shows the main page of the […]
There is no excerpt because this is a protected post.
There is no excerpt because this is a protected post.
There is no excerpt because this is a protected post.
Hi everyone! This is a write-up on the recent SANS Holiday Hack Challenge CTF. I hope they will be helpful to you. It is my first time trying out SANS Holiday Hack challenge as they host it yearly. If you haven’t tried it out, the main goal of this CTF is to learn. Hence there […]
Hi everyone! Today’s post is on the basics of lateral movement in the Active Directory (AD) network. In this article, we will be focusing on using LOLBAS and reverse shells to compromise other computers in the internal network. Let’s get started! Network Below shows the network we will be using for our example. Assumption We […]
There is no excerpt because this is a protected post.
There is no excerpt because this is a protected post.
Lamecarrot 
You must be logged in to post a comment.