Honeypots can be extremely useful for you to detect suspicious activities from the bad guys. If you are managing applications of any nature, you should consider deploying honeypots.
You might have heard of DNS (domain name system), but do you know about the basic DNS records that are used to facilitate the entire system of DNS? Let us understand that now!
Delivery is an easy-rated box created by Ippsec. It takes us through exploiting ticket trick to gaining internal chat server access and using the disclosed credentials in the chat to login and find MySQL credentials inside the machine. We then find root hash inside MySQL database and crack using Hashcat rules.
Glitch is an easy-rated machine on TryHackMe developed by infamous55. It takes us through enumerating API endpoints and finding an access token and even more endpoints to exploiting NodeJS RCE in one of the query parameters of an API endpoint. We then escalate RCE to get a shell and find stored credentials inside a Firefox profile to escalate to another user and eventually root using misconfigured permissions.
Hello, I hope you and your families are healthy and safe during this pandemic. Stay strong mentally, and we will fight COVID-19 together. Let’s start learning to make our day productive and fun.
This blog teaches you about SSRFs (Server Side Request Forgery) - a very popular web security vulnerability.