Exploiting server-side parameter pollution in a query string
Objective
Total Categories: 21
API Vulnerabilities (4 posts)
AWS (7 posts)
Pillage Exposed RDS Instances
Initial Entry
Plunder Public RDS Snaphots
Scenario
Leverage Leaked Credentials For Pwnage
Initial Entry
Loot Public EBS Snapshots
The scenario here is Huge Logistics, a titan in their industry, has invited you to simulate an “assume breach” scenario. They’re handing you the keys to their kingdom - albeit, the...
Breach In the Cloud - AWS Cloudtrial Challenge
Initial Entry point
Identify Account ID from a Public s3 Bucket
Initial Entry point
Big IAM Challenge - Wiz CTF Challenge
Introduction
Access Control (13 posts)
Insecure direct object references
Introduction
User ID controlled by request parameter
Introduction
User role can be modified in user profile
Introduction
User role controlled by request parameter
Introduction
Method-based access control can be circumvented
Introduction
Referer-based access control
Introduction
Unprotected admin functionality
Introduction
URL-based access control can be circumvented
Introduction
Authentication (12 posts)
Password reset poisoning via middleware
Objective
Password reset poisoning via middleware
Objective
Brute-forcing a stay-logged-in cookie
Objective
Offline password cracking
Objective
Username enumeration via response timing
Objective
Password reset broken logic
Objective
Broken brute-force protection, IP block
Objective
Username enumeration via account lock
Objective
2FA broken logic
Objective
Username enumeration via different responses
Introduction
2FA Bypass
Introduction
BSCP (111 posts)
Exploiting XInclude to retrieve files
Objective
Exploiting XXE via image file upload
Objective
Exploiting XXE to perform SSRF attacks
Objective
DOM XSS using web messages
Objective
DOM-based open redirection
Objective
DOM-based cookie manipulation
Objective
Web shell upload via path traversal
Objective
Password reset poisoning via middleware
Objective
Password reset poisoning via middleware
Objective
Brute-forcing a stay-logged-in cookie
Objective
Offline password cracking
Objective
Username enumeration via response timing
Objective
Password reset broken logic
Objective
Broken brute-force protection, IP block
Objective
Username enumeration via account lock
Objective
2FA broken logic
Objective
Username enumeration via different responses
Introduction
2FA Bypass
Introduction
CORS vulnerability with basic origin reflection
Introduction
CORS vulnerability with trusted insecure protocols
Introduction
CORS vulnerability with trusted null origin
Introduction
Basic SSRF against another back-end system
Introduction
Basic SSRF against the local server
Introduction
Blind SSRF with out-of-band detection
Introduction
SSRF with blacklist-based input filters
Introduction
Insecure direct object references
Introduction
User ID controlled by request parameter
Introduction
User role can be modified in user profile
Introduction
User role controlled by request parameter
Introduction
Method-based access control can be circumvented
Introduction
Referer-based access control
Introduction
Unprotected admin functionality
Introduction
URL-based access control can be circumvented
Introduction
Information disclosure in error messages
Objective
Information disclosure on debug page
Objective
Source code disclosure via backup files
Objective
OS command injection, simple case
Objective
CSRF vulnerability with no defenses
Objective
File path traversal, simple case
Objective
File path traversal, traversal sequences blocked with absolute path bypass
This lab contains a path traversal vulnerability in the display of product images.
File path traversal, traversal sequences stripped non-recursively
This lab contains a path traversal vulnerability in the display of product images.
CSRF with broken Referer validation
Objective
SameSite Lax bypass via method override
Objective
SameSite Lax bypass via cookie refresh
Objective
CSRF where token is duplicated in cookie
Objective
Exploiting cross-site scripting to steal cookies
Initial Information
Exploiting cross-site scripting to capture passwords
Initial Information
Reflected DOM XSS
Objective
Stored DOM XSS
Objective
Blind SQL injection with time delays
Objective
Bugbounty (4 posts)
RCE on Application’s Tracking Admin Panel
In this blog post, we’ll explore some intriguing scenarios where the add extension functionality in a particular subdomain can be exploited to enable a Remote Code Execution vulnerability. The application...
A Tale of Weird XSS into $100
Introduction
CORS (3 posts)
CORS vulnerability with basic origin reflection
Introduction
CORS vulnerability with trusted insecure protocols
Introduction
CORS vulnerability with trusted null origin
Introduction
CSRF (12 posts)
CSRF vulnerability with no defenses
Objective
CSRF with broken Referer validation
Objective
SameSite Lax bypass via method override
Objective
SameSite Lax bypass via cookie refresh
Objective
CSRF where token is duplicated in cookie
Objective
CTF (1 posts)
Cozyhosting - HTB Walkthrough
Introduction
CTFs (5 posts)
Gandalf Lakera AI - Prompt Injection Challenge
Introduction Gandalf is a prompt injection challenge provided by an AI security company called Lakera where they do engage AI security research activities and alot more.. So this challenge is...
Sau - HTB Walkthrough
Introduction Easy level CTF lab machine of the HackTheBox platform running Linux containing public exploits, SSRF, RCE. Enumeration Phase Let’s start by enumerating the machines with nmap: sudo nmap -sC...
Analytics - HTB Walkthrough
Introduction
Keeper - HTB Walkthrough
Introduction Easy level HackTheBox platform lab machine running Linux OS, containing a standard password, password transmission using an open communication channel and its untimely change, exploiting a vulnerability in Keepass....
Hunt for Secrets in Github Repositories
Initial Entry Point
Command Injection (5 posts)
DOM Based (5 posts)
DOM XSS using web messages
Objective
DOM-based open redirection
Objective
DOM-based cookie manipulation
Objective
File Upload Vulnerabilities (6 posts)
Web shell upload via path traversal
Objective
GCP (2 posts)
Reveal Hidden Files in Google Storage
Initial entry point
Information disclosure (5 posts)
Information disclosure in error messages
Objective
Information disclosure on debug page
Objective
Source code disclosure via backup files
Objective
Path Traversal (6 posts)
File path traversal, simple case
Objective
File path traversal, traversal sequences blocked with absolute path bypass
This lab contains a path traversal vulnerability in the display of product images.
File path traversal, traversal sequences stripped non-recursively
This lab contains a path traversal vulnerability in the display of product images.
SQLi (17 posts)
Blind SQL injection with time delays
Objective
SSRF (5 posts)
Basic SSRF against another back-end system
Introduction
Basic SSRF against the local server
Introduction
Blind SSRF with out-of-band detection
Introduction
SSRF with blacklist-based input filters
Introduction
XSS (14 posts)
Exploiting cross-site scripting to steal cookies
Initial Information
Exploiting cross-site scripting to capture passwords
Initial Information
Reflected DOM XSS
Objective
Stored DOM XSS
Objective
XXE (4 posts)
Exploiting XInclude to retrieve files
Objective
Exploiting XXE via image file upload
Objective
Exploiting XXE to perform SSRF attacks
Objective
linux (2 posts)
OverTheWire: Bandit Walkthrough (Levels 14-34)
Welcome back to the walkthrough of the Bandit wargame from OverTheWire. If you haven’t checked out Part 1 covering levels 0-13, make sure to do that first. Let’s dive into...
OverTheWire: Bandit Walkthrough (Levels 0-14)
The Bandit wargame on OverTheWire is aimed at absolute beginners and teaches the basics of remote server access and Linux command line skills. This post will walk through the solutions...