Earlier this week I decided to develop a unique web challenge for Try Hack Me, which is named “Temple”. You can find the room here. The platform was developed using Python Flask and MariaDB as the database backend. Recon and enumeration: After deploying the machine, it is good to wait…
Penetration testing
Earlier this week I developed a Try Hack Me room called “h4cked”. The room is a combination of learning network forensics and basic penetration testing skills. You can find it here: https://tryhackme.com/jr/h4cked Scenario – Task 1: “It seems like our machine got hacked by an anonymous threat actor. However, we…
When I first started getting into the infosec game, I learnt most of my skills from VulnHub. VulnHub is an excellent platform for learning penetration testing, whether you are new to infosec or experienced. In this article, a writeup of the machine Photographer is provided. The developer left a…
Insecure Direct Object Reference (IDOR) vulnerabilities are still in the wild and could lead to, for example, horizontal privilege escalation. A user could modify certain values in a web application and gain access to unauthorised data. Developing a vulnerable application: Moreover, the vulnerable web application was developed using Python with…
According to OWASP, injection attacks are still a common attack vector. There are several tools which can be used to exploit a SQL vulnerability. A personal favourite is SQLmap. However, understanding how SQLi works is an important aspect of penetration testing. It is also crucial to understand how the underlying…
Buffer overflows are still found in various applications. The Exploit Database shows 48 buffer overflow related exploits published so far this year (July 2020). They are still highly visible. However, modern operating systems have made it tremendously more difficult to execute these types of attacks. Countermeasures such as DEP and…
In March 2018, a new Drupal core vulnerability (later named Drupalgeddon2) was discovered and marked as Highly Critical by the Drupal team. The vulnerability affected versions < 8.3.9 / < 8.4.6 / < 8.5.1. This article covers how the vulnerability can be manually exploited using Burp Suite. Further details regarding…
A while back I hosted a “hacking and pizza” event at school. There was a large variety of vulnerable hosts. One of the machines I created was a web server with a vulnerable WordPress plugin. In this post, a walkthrough of the solution is provided, as it is common to…
A Local File Inclusion (LFI) vulnerability allows an attacker to read internal system files. In a worst-case scenario, it could lead to remote access. This post demonstrates how a remote attacker could achieve a reverse meterpreter shell by manually exploiting an LFI vulnerability. The demonstration is conducted by…