Wednesday, October 7, 2020

[VulnHub] Loly walkthrough

Hello, today I come back with VulnHub, which provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.

I chose a random lab named Loly. Let's get through it!

Wednesday, September 30, 2020

[picoCTF] Forensics picoGym challenge

Hello buddy! Today I will introduce some new stuff.

I'm self-training for a CTF competition. And according to the needs of my team, I decided to explore the Forensics area. I hope this decision will work out and that I can absorb more and more knowledge for pentesting.

So, I will kick off with picoCTF; this place is better for every beginner. Let's start!

like1000: 250pts

Wednesday, September 16, 2020

Friday, September 11, 2020

[Basic Python for Pentesting]#1 Create TCPclient and TCPserver SOCKET

Hello guys!

With all my effort to learn about pentesting, I decided to learn Python the "pentester's way".

This is a powerful scripting language which can make everything easier and faster.

Today, I will introduce sockets and, furthermore, create a TCP socket client and server in Python.

Firstly, what is a socket?

Friday, September 4, 2020

[VulnHub] LAMPSecurity: CTF5 Write Up

Hello sunny day! Because of CTF competition training, I'll continue practicing with VulnHub.

As the entry's title says, let's do this!

+GATHERING INFORMATION: After scanning the provided system (both manually and automatically), I figured out some things:

- OS: Linux 2.6.X

- Web Server: Apache httpd 2.2.6 ((Fedora))

- DBMS: MySQL 4.1.2

- PHP 5.2.4

+VULNERABILITIES:

- LFI

Tuesday, September 1, 2020

[Root-Me] PHP EVAL - PHP NON ALPHANUMERIC WRITE UP !

Hello everyone. Today, I will come back to RootMe. This challenge is about PHP non-alphanumeric. It's at medium level with 40 points! Let's dive into it! 👆

Here is the source code provided by the author

Wednesday, August 26, 2020

[VulnHub] HACKME 1 LAB WRITE UP

Hello guys, today I will show you some interesting stuff. 👨

I am training for a CTF competition which will be held by my school. And I decided to play with VulnHub.

Let's get started!

- GATHERING INFORMATION:

+Nmap

Tuesday, August 4, 2020

Wednesday, June 17, 2020

[NahamCon CTF 2020] Web Exploitation WriteUp !

Hello guys! Long time no write!
Today, I come back to my blog with NahamCon CTF, which was held about 1 week ago.
I solved some web challenges and absorbed many useful things 👅
Let's start!


Friday, May 22, 2020

[Root-Me] JWT Revoked Token

Hi guys, after nearly 2 months of not caring about Root Me challenges, I came back to it and realized that some challenges have been added to the Web Serveur catalog recently. I decided to play with JWT again. 😃

25 points, not too hard, huh? I thought so. And after solving this chall, I have to say: "It's not really hard, but very tricky". Let's see!


Thursday, May 14, 2020

[PenTest] L*G.vn XSS detecting and exploiting!

Hi,
Today, I will show you some interesting stuff which I have just done.
My friend wanted to buy a backpack from this website; she sent the web address to me and asked me how the backpack was.

I don't really care about the backpack.

In my vision, the only thing that exists is the search engine on the left side.


Friday, May 8, 2020

[Securinets] Writeup jeopardy !

Hi guys.
Coronavirus, aka Covid-19, has spread all over the world; we must #stayhome to protect ourselves. So, I have very much time for learning and training my hacking skills. This month, with my team, I participated in the Securinets CTF competition. Very interesting, it has many, many things to discuss. Here is the result.


Sunday, March 29, 2020

[PenTest] FTU info-research webpage Penetration Testing

Long time no see!

After nearly 3 weeks of relaxing and reading some interesting books (The Web Application Hacker's Handbook, Demi-Gods and Semi-Devils 😀), I was completely bored. So I decided to do some fun stuff with CTFs or pentesting some random webpages.


Tuesday, February 4, 2020

[WRITEUP] XML EXTERNAL ENTITY (XXE) INJECTION ROOTME

AFTER THE TET HOLIDAYS, WE FACE THE CORONA (2019-nCoV) VIRUS, SO WE MUST PROTECT OURSELVES AND LIMIT GOING TO PUBLIC PLACES. AS AN OPTIMIST, IT'S MY RELAXING TIME TO CONTINUE SOLVING ROOT-ME CHALLENGES 😃. TODAY, WE HAVE XXE INJECTION. LET'S START!


Wednesday, December 18, 2019

[wargame.kr&rootme] PHP TYPE CONFUSION & LOOSE COMPARISON WRITEUP!

FIRST OF ALL, WE SHOULD FOCUS ON THE DEFINITION


A loose comparison is one performed using two equals signs (==). It follows suit with the "best-guess" approach, which can lead to some unexpected results.
TAKE A LOOK AT THIS TABLE


Monday, December 9, 2019

[WARGAME.KR] MD5 PASSWORD VULNERABILITY WRITEUP!

THIS CHALL IS TO SUBMIT A PASSWORD WHICH WILL BE SENT TO THE md5($ps,true) FUNCTION, AND THIS MD5 PASSWORD IS PART OF THIS SQL QUERY:


$row=@mysql_fetch_array(mysql_query("select * from admin_password where password='".md5($ps,true)."'"));

OF COURSE WE DON'T HAVE ANY IDEA ABOUT THE PASSWORD, SO WE MUST FIND A WAY TO BYPASS THIS QUERY BY SQL INJECTION!

FIRST, TAKE A LOOK AT THE MD5() FUNCTION DEFINITION AND ITS VULNERABILITY:

string md5 ( string $str [, bool $raw_output = false ] )

Wednesday, October 9, 2019

[WRITEUP] SQL INJECTION -ROUTED ROOTME

IN MY SUBJECTIVE OPINION, THIS CHALL IS NOT TOO HARD, BUT IT IS NOVEL IN HOW YOU APPROACH IT AND EXECUTE THE QUERY.
IN THIS POST I WILL NOT WRITE OUT THE QUERIES EXPLICITLY, ONLY SHOW THE RESULTS AND THE BASIC STEPS TO CARRY IT OUT :D


THE CHALL OPENS WITH A FAIRLY FAMILIAR FORM; NOBODY BE FOOLISH ENOUGH TO FUZZ THIS FORM :D. GO OVER TO THE "SEARCH" PAGE!


Wednesday, October 2, 2019

[WRITEUP] SQL INJECTION - STRING ROOTME

AFTER BITTERLY SKIPPING THE SQL INJECTION GBK CHALLENGE, WHICH I COULD NOT SOLVE (EVEN THOUGH I UNDERSTOOD THE THEORY AND GAVE IT EVERYTHING I HAD), I HAD TO WIPE AWAY MY TEARS AND MOVE ON.
A QUICK LOOK AT THE CHALL

IT'S SQL INJECTION, AFTER ALL, SO LET'S TAKE A PEEK AT THE LOGIN PAGE
 

  
