In this series of blog posts we’ll explore exotic ways of hiding shellcode. “Years of solving stego challenges, had to pay” Part 1: Icons Our main goal is bypassing anti-viruses. We ideall...
STMCTF2021 Web Category Writeups
I did my internship at STM this summer. During my internship, I prepared the Web category for STMCTF2021 with 4 challenges. In this blog post, I will go over them. Hope you enjoyed it! BountyP...
Brief Introduction to Prototype Pollution
Prototype pollution is a very simple vulnerability yet tricky to find. In this blog post, I will try to explain prototype pollution, how it occurs and how we should search to find one. What is Pro...
HackTheBox - Endgame/Xen Writeup
This lab had 3 Windows end-user computers, 1 Netscaler FreeBSD server, 1 Citrix Windows server and 1 Domain Controller. Initial access was based on social engineering and phishing attacks, follow...
HackTheBox OpenAdmin Solution
OpenAdmin is a 20-point machine on HackTheBox, rated “Easy”. An application vulnerable to Remote Code Execution is running on the machine. Running locally on the machine is a different w...
HackTheBox OpenAdmin Writeup
OpenAdmin is a 20 pts box on HackTheBox and it is rated as “Easy”. It has a web application running that is vulnerable to Remote Code Execution. There is a web server running locally on the box. ...
HackTheBox-Control Solution
Control is a 40-point machine in the “Hard” category on HackTheBox. The machine has an admin panel that should be reachable from only 1 IP address, but this admin panel, with a special HTTP head...
HackTheBox-Control Writeup
Control is a 40 pts box on HackTheBox and it is rated as “Hard”. It has an admin page that is supposed to be accessible from only one IP, but an attacker is able to bypass it with an HTTP header. Th...
HackTheBox-Traverxec Solution
Traverxec is a 20-point machine in the “Easy” category on HackTheBox. A web server named nostromo is running on the machine, and this version of nostromo is vulnerable to Remote Code Execution. ...
HackTheBox-Traverxec Writeup
Traverxec is a 20 pts box on HackTheBox and it is rated as “Easy”. It has a web server running called nostromo. This version of nostromo is vulnerable to Remote Code Execution. By abusing this vu...