Application Security ✪ All about JWT attacks (tools included) !!! JWT is a token system that was originally created to make it possible to verify authorization. Although this may be used for…
Application Security How I found `CVE-2022-40087` Simple College Website 1.0 was found to be vulnerable to an unauthenticated arbitrary file upload leading to remote code execution.
Application Security OAuth 2.0 Hacking 💸 OAuth is an open authorization protocol, which allows accessing the resources of the resource owner by enabling the client applications on…
Application Security Simple College Website 1.0 — RFI Simple College Website 1.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and…
Application Security Simple College Website 1.0 — Unauthenticated Arbitrary File Upload RCE Simple College Website 1.0 was found to be vulnerable to an unauthenticated arbitrary file upload leading to remote code execution.
Application Security Simple College Website 1.0 — XSS Simple College Website 1.0 allows a user to perform a Reflected Cross-site scripting via /college_website/index.php?page= when sending…
CTF SAR: 1 — Walkthrough Sar is an OSCP-Like VM with the intent of gaining experience in the world of penetration testing.
CTF MISDIRECTION: 1 Walkthrough The purpose of this machine is to help OSCP students further develop, strengthen, and practice their methodology for the exam.
CTF SYMFONOS: 5.2 Walkthrough Beginner real life based machine designed to teach people the importance of understanding from the interior.
CTF SYMFONOS: 3.1 Walkthrough Intermediate real life based machine designed to test your skill at enumeration. If you get stuck remember to try different wordlist, avoid…
CTF SYMFONOS: 2 Write-Up OSCP-like Intermediate real life based machine designed to teach the importance of understanding a vulnerability. SHOULD work for both…
CTF SYMFONOS: 1 Walkthrough Beginner real life based machine designed to teach an interesting way of obtaining a low priv shell. SHOULD work for both VMware and…
CTF PRIME: 1 | Writeup This machine is designed for those who are trying to prepare for OSCP or OSCP-Exam.
CTF GraphQL — TryHackMe (Write-up) The purpose of this room is to show how a malicious user could use GraphQL to perform unintended actions. You will get the most out of…
CTF DIGITALWORLD.LOCAL: MERCY V2 MERCY is a machine dedicated to Offensive Security for the PWK course.
CTF DIGITALWORLD.LOCAL: DEVELOPMENT This machine reminds us of a DEVELOPMENT environment: misconfigurations rule the roost. This is designed for OSCP practice, and the…