In this post, I would like to share some knowledge about SQL Injection which can be useful during Penetration Testing activity. Before we went deeper into it, I will try to explain what is SQL Injection for those who are not familiar with it. SQL injection […]
What is Server-Side Template Injection? An attack that allows the attacker to use the native template syntax to inject a few malicious payloads into the template is been called Server-side template injection or also known as SSTI. Normally, the attacks will work when the attacker makes […]
In this post, I would like to explore more binary exploitation such as nreport which will improve my skills and knowledge. For a record, the binary file is coming from OverGraph Machine on Hack the Box Platform. Before we start to analyze the binary file, we […]
In this post, I would like to share a walkthrough of the Trick Machine from Hack the Box This room will be considered an Easy machine on Hack The Box What will you gain from the Trick machine? For the user flag, you will need to exploit SQL Injection […]
In this post, I would like to share a walkthrough of the Noter Machine from Hack the Box This room will be considered a medium machine on Hack The box What will you gain from the Noter machine? For the user flag, you will need to abuse the flask […]
A lot of people did ask me how I rooted any machine in Hack The Box so I will explain and elaborate on how I play HTB machine. I’m quite sure that most people will be wondering about the methodology that I use while playing a […]
In this post, I would like to share a walkthrough of the Phoenix Machine from Hack the Box This room will be considered as a Hard machine on Hack The box What will you gain from the Phoenix machine? For the user flag, you will need to abuse a vulnerability […]
In this post, I would like to share a walkthrough of the Ransom Machine from Hack the Box This room will be considered as a Medium machine on Hack The box What will you gain from the Ransom machine? For the user flag, you will be using burpsuite to play […]
In this post, I would like to share a walkthrough of the Pwnkit from Tryhackme If you want to play this room, you can click over here Introduction to CVE-2021-4043 (pwnkit) Those vulnerabilities have been discovered within all versions of Policy Toolkit or also known as Polkit […]
In this post, I would like to share a walkthrough of the Search Machine from Hack the Box This room has been considered difficulty rated as a Hard machine on Hack The box What will you gain from Search machine? For the user flag, you will use LDAP enumeration and […]