In this episode, we will investigate CVE-2022-26134 in Atlassian Confluence, a pre-auth OGNL injection leading to Remote Code Execution. CVE-2022-26134 Details and information gathering Advisories below are more tha...
Studying old CVEs: Part 1 - CVE-2021-26084
In this series of blog posts I will patch-diff, analyze and craft exploits for old CVEs. CVE-2021-26084 Details and Information gathering CVE-2021-26084 In affected versions of Confluence Serv...
Hacker Mentality Series: EV charging clusterfuck
Purpose of this series: No harm to anyone, no unethical stuff, no exfiltration of data, no bypassing rate limits or hardcore scraping. We try to use the hacker mentality anywhere possible. Win small things in...
Exotic ways of hiding shellcode. Part 1 : Icons
In this series of blog posts we’ll explore exotic ways of hiding shellcode. “Years of solving stego challenges, had to pay” Part 1: Icons Our main goal is bypassing anti-viruses. We ideall...
STMCTF2021 Web Category Writeups
I did my internship at STM this summer. During my internship, I prepared the Web category for STMCTF2021 with 4 challenges. In this blog post, I will go over them. Hope you enjoyed it! BountyP...
Brief Introduction to Prototype Pollution
Prototype pollution is a very simple vulnerability, yet tricky to find. In this blog post, I will try to explain prototype pollution, how it occurs and how we should search to find one. What is Pro...
HackTheBox - Endgame/Xen Writeup
This lab had 3 Windows end-user computers, 1 Netscaler FreeBSD server, 1 Citrix Windows server and 1 Domain Controller. Initial access was based on social engineering and phishing attacks, follow...
HackTheBox OpenAdmin Solution
OpenAdmin is a 20-point machine on HackTheBox, rated as “Easy”. An application vulnerable to Remote Code Execution is running on the machine. Running locally on the machine is a different w...
HackTheBox OpenAdmin Writeup
OpenAdmin is a 20 pts box on HackTheBox and it is rated as “Easy”. It has a web application running that is vulnerable to Remote Code Execution. There is a web server running locally on the box. ...
HackTheBox Control Solution
Control is a 40-point machine in the “Hard” category on HackTheBox. The machine has an admin panel that should be reachable from only 1 IP address, but this admin panel, using a special HTTP hea...