SSRF stands for Server-Side Request Forgery. It is a type of web application vulnerability that allows an attacker to send a crafted request from the vulnerable server to other internal or external systems. It’s a server-side attack that leads to sensitive information disclosure from the back-end server of the application. SSRF attacks can result in the disclosure of ...

Web3: A New Era of Decentralized Communication Web3 is not just about decentralizing finance or data storage; it also has the potential to revolutionize communication. With Web3, we can move away from the centralized communication platforms of the past and towards a decentralized, peer-to-peer communication system that gives users more control over their data and privacy. In this article, we’ll ...

Hi hackers. Let’s start. Let’s begin in nmap, as we always do. Recon: nmap shows two open ports, http (TCP 80) and ssh (TCP 22): I can’t find anything on the page, so I decide to read the page source code and find the new page in source code image.late.htb add etc/hosts 10.10.11.156 images.late.htb as discovered by SSTI injection vulnerability Reference: https://ajinabraham.com/blog/server-side-template-injection-in-tornado https://github.com/carlospolop/hacktricks/blob/master/pentesting-web/ssti-server-side-template-injection/README.md https://medium.com/@nyomanpradipta120/ssti-in-flask-jinja2-20b068fdaeee ...

Hello hackers Windows is used by this computer. Because I have little familiarity with Windows boxes and spend the majority of my practise time on the Linux command line, I found this machine to be challenging (but worthwhile). But this box is ideal if you want to learn something interesting about Windows. Let’s get started #Recon: We first start with ...

HTB-TimeLapse machine is really a great learning box for those who are new to Windows and Active Directory pentesting. I found the initial access (user flag) easier, and the root flag was a bit tricky for me due to my lack of Windows privilege escalation skills. Overall it's a fun machine. Enumeration As always, starting with an Nmap scan Nmap discovery ...

What is a pwnagotchi? A pwnagotchi is a Tamagotchi-like digital toy, but it feeds on Wi-Fi handshakes. The pwnagotchi is made with the help of a Raspberry Pi Zero. It sniffs around for the Wi-Fi signals around it, deauthenticates the client from the access point, and captures the handshakes while they try to reconnect. These handshakes will be saved ...

Based on the Mr. Robot show, can you root this box? This CTF room can be considered a very beginner-friendly room. This was personally the first CTF room I have solved, so this is a special room for me. Mr. Robot is an American techno thriller television series. The plot is around Elliot Alderson, a cybersecurity engineer and hacker with a ...

https://app.hackthebox.eu/machines/359 BountyHunter is a web-based, easy difficulty machine. Table of contents Scanning Nmap Enumeration Gobuster Exploitation Burpsuite and SSH Privilege Escalation ticketValidator.py Scanning (In this phase I want to do the OS discovery, open ports, services on open ports and also the vulnerability scripts checking too.) For scanning purposes I choose Nmap. Nmap is the default in all Debian ...

Table of contents Introduction What is TCP protocol? Advantages of TCP protocol Disadvantages of TCP protocol Attacks on the TCP What is UDP protocol? Advantages of UDP protocol Disadvantages of UDP protocol Attacks on the UDP TCP vs UDP 1. Introduction A communication protocol is a set of rules and regulations which are performed to transfer data to the source ...

What is Web Scraping? Web scraping is an automated method used to extract large amounts of data from websites. The data on the websites are unstructured. Web scraping helps to collect these unstructured data and store them in a structured form. There are different ways to scrape websites, such as online services, APIs or writing your own code. Data displayed by ...
