Thứ Hai, 26 tháng 10, 2020
Thứ Bảy, 24 tháng 10, 2020
[Learning] Audio Forensics with Audacity
Hello, welcome to my personal blog. 😊
Today, I want to show you another useful tool for doing forensics, especially in audio forensics. It's about Audacity. Let's begin!
Thứ Năm, 22 tháng 10, 2020
Thứ Hai, 19 tháng 10, 2020
Thứ Tư, 7 tháng 10, 2020
[VulnHub] Loly walkthrough
Hello, today I come back with VulnHub - which provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks .
I choose a random lab, named Loly. Let's get through it!
Thứ Tư, 30 tháng 9, 2020
[picoCTF] Forensics picoGym challenge
Hello buddy! Today I will introduce some new stuffs.
I'm in self-training for CTF competition. And according to the need of my team, I decide to explore Forensics area. I hope this decision will make it work and I can absorb more and more knowledge for pentesting.
So, I will kick off with picoCTF, this place is better for every beginner . Let's start!
like1000: 250pts
Thứ Tư, 16 tháng 9, 2020
[CSAW2020] Widthless web WRITE UP
This competition is familiar to me. But this year, all the web challenges seem "guessy". Let's talk about this.
Thứ Sáu, 11 tháng 9, 2020
[Basic Python for Pentesting]#1 Create TCPclient and TCPserver SOCKET
Hello guys !
With all my effort to learning about pentesting , I decide to learn Python in "pentester's way"
This is a powerful script language which can make everything easier and faster .
Today, I will introduce about Socket and furthermore , create a TCP socket client and server , by Python .
Firstly , what is socket ?
Thứ Sáu, 4 tháng 9, 2020
[VulnHub] LAMPSecurity: CTF5 Write Up
Hello sunny day ! Because of CTF competition training , I 'll continue practicing with VulnHub
As the entry's tittle , let's do this !
+GATHERING INFORMATION : After scanning the provided system (both manual and automatic ) , I figure out some stuff :
- OS : Linux 2.6.X
- Web Server ; Apache httpd 2.2.6 ((Fedora))
- DBMS : MySql 4.1.2
- PHP 5.2.4
+VULNERABILITIES :
- LFI
Thứ Ba, 1 tháng 9, 2020
[Root-Me] PHP EVAL - PHP NON ALPHANUMERIC WRITE UP !
Hello everyone . Today , I will comeback to RootMe . This challenge is about PHP non-alphanumeric . It's at medium level with 40 points! Let’s dive into it ! 👆
Here is the source code provided by author
Thứ Tư, 26 tháng 8, 2020
[VulnHub] HACKME 1 LAB WRITE UP
Hello guys, today I will show you some interesting stuffs . 👨
I am training for CTF competition which will be held by my school . And I decided to play with VulnHub.
Let's get started !
- GATHERING INFORMATION :
+Nmap
Thứ Ba, 4 tháng 8, 2020
[KMACTF] WEB-EXPLOITATION WRITE-UP !
Thứ Tư, 24 tháng 6, 2020
Thứ Tư, 17 tháng 6, 2020
[NahamCon CTF 2020] Web Exploitation WriteUp !
Today , I come back to my blog with NahamCon CTF which is held about 1 week ago.
I had solved some web challenges and absorbed many things useful 👅
Let's start!
Thứ Sáu, 22 tháng 5, 2020
[Root-Me] JWT Revoked Token
25 Points , not too much hard , huh? I though so . And after solved this chall , I have to say : " It's not really hard , but so much tricky" . Let's see !
Thứ Năm, 14 tháng 5, 2020
[PenTest] L*G.vn XSS detecting and exploiting!
Today, I will show you some interesting stuff which I have just done .
My friend want to buy a backpack from this website, she sent web address to me and asked me how the backpack was .
I dont really care about backpack.
In my vision, the only thing exist is the search engine on the left side.
Thứ Sáu, 8 tháng 5, 2020
[Securinets] Writeup jeopardy !
Corona Virus aka Covid-19 has spreaded all over the world , we much #stayhome to protect our shelves . So , I have very much time to learning and training my hacking skill . This month ,with my team, I has participated in Securinets ctf competition . Very interesing , it has many , many things to discuss . Here is the result .
Thứ Ba, 4 tháng 2, 2020
[WRITEUP] XML EXTERNAL ENTITY (XXE) INJECTION ROOTME
Thứ Tư, 18 tháng 12, 2019
[wargame.kr&rootme] PHP TYPE CONFUSION & LOOSE COMPARISON WRITEUP!
A loose comparison is one performed using two equals signs (==
).It follows suit with the “best-guess” approach, which can lead to some unexpected results.
TAKE A LOOK INTO THIS TABLEThứ Hai, 9 tháng 12, 2019
[WARGAME.KR] MD5 PASSWORD VULNERABILITY WRITEUP!
$row=@mysql_fetch_array(mysql_query("select * from admin_password where password='".md5($ps,true)."'"));OFCORSE WE DONT HAVE IDEA ABOUT PASSWORD , SO WE MUST FIND A WAY TO BYPASS THIS QUERY BY SQL INJECTION !
FIRST, TAKE A LOOK AT MD5() FUNCTION DEFINITION AND IT'S VULENERABILITY :
string md5 ( string $str , [ bool $raw_output = false ] )
Phổ Biến
-
SO , THIS IS VERY FIRST TIME MY NEW TEAM TAKE PART IN A CTF COMPETITION [PICOCTF] I MAKE THIS WRITE-UP AS THE NOTE FOR ALL WEB-CHALLEN...