Delivery is an easy-rated box created by Ippsec. It takes us through exploiting the ticket trick to gain access to an internal chat server, then using credentials disclosed in the chat to log in and find MySQL credentials on the machine. We then find the root hash in the MySQL database and crack it using Hashcat rules.
Glitch is an easy-rated machine on TryHackMe developed by infamous55. It takes us through enumerating API endpoints, finding an access token and even more endpoints, and exploiting a NodeJS RCE in one of the query parameters of an API endpoint. We then escalate the RCE to a shell and find stored credentials inside a Firefox profile to escalate to another user, and eventually to root using misconfigured permissions.
Hello, I hope you and your families are healthy and safe during this pandemic. Stay strong mentally, and we will fight COVID-19 together. Let’s start learning to make our day productive and fun.
This blog teaches you about SSRF (Server-Side Request Forgery), a very popular web security vulnerability.
This blog will take you through understanding the practical aspects of open-source security. It’ll also help you to make your first security contribution to an open-source project!
Participating in bug bounties is a very popular way for hackers to contribute to an organization’s security and earn a few bucks from it. Organizations announce bounty programs to invite hackers to test and hack their online assets; this helps improve their systems through a crowdsourced model.
Ever thought of securing open-source software? Is it worth it? Let us understand it through this blog!