Month: January 2023

For this ambassador machine, we will try the second method to obtain the root flag. Honestly, I normally didn’t use Metasploit for any machine or activity especially while playing CTF…

In this post, I would like to share a walkthrough of the Ambassador Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will…

What is Misconfiguration? Security misconfiguration is a vulnerability that normally happens when the application especially a web page because the developer didn’t configure the website properly and exposes it to…

What is Phar Deserizalition to Remote Code Execution? Phar file also known as PHP Archive will normally contain metadata that is written in a serialized format. As a result, the…

There is no excerpt because this is a protected post.

What is Command Injection Attack? It’s an attack in which the bad guys’ objective on this activity will be trying to obtain the execution of arbitrary commands on a vulnerable…

What is NoSQL Injection? Before we proceed with the NoSQL Injection details, we need to understand the NoSQL databases which it has provided low consistency restrictions if compared to SQL…

What is Docker Escape Method? Firstly, we are required to understand the importance of Docker escape or also containers escape which was infrastructure that is used by virtual or day-to-day…

What is XML external entity injection? XML external entity injection is a security vulnerability that normally allows a bad guy by executing the XML data of the application’s processing. A…

There is no excerpt because this is a protected post.