TryHackMe IDE
A short write-up of the TryHackMe IDE room
XXE to AWS metadata disclosure
I recently found a critical vulnerability on a private program on HackerOne that allowed me to get their Amazon Web Services root keys. Because of this, the vulnerability was rated as a 10.0 critical, the highest possible. After having been unable to hack for several months due to a family emergency, I finally got home …
Subdomain Takeovers: Heroku
Heroku subdomain takeovers are possible for herokuapp.com CNAMEs, and can be identified by the ‘No such app’ page: And a CNAME in dig that points to .herokuapp.com: This is an indication that the company has a dangling CNAME record pointing to an unclaimed Heroku app which we might be able to take over. To manually …
How to find your first bug
I often get asked ‘how do I find my first bug’ on the Hacker101 Discord channel. This article is an answer to that question. At this point I assume you’ve been studying the basics of ethical hacking. If you have no background in IT I would recommend reading “The Web Application Hacker’s Handbook”; though those …
H1-2006 CTF Write-up
HackerOne recently held a CTF with the objective to hack a fictitious bounty payout application. While my write-up of this CTF is now public and can be seen here, this is a different kind of write-up where I will be more open and go into the areas where I had a lot of trouble. I’m …
HackTheBox Traverxec
Traverxec is rated as an easy box on HackTheBox. User As with all HackTheBox machines I started with an nmap scan which identified port 80 was open and running nostromo 1.9.6, a simple HTTP server also called nhttpd. While searching for some information on nostromo, pretty much the first search result was about a known …
Nahamsec CTF write-up
Nahamsec recently created a CTF when he reached 30k Twitter followers. The only information he gave was here, so there wasn’t really much to go on. This is my write-up; I decided to send my write-up like a bug report. This style of course does not tell the time wasted looking in all the wrong …
HackTheBox Bitlab
Bitlab is rated as a medium box on HackTheBox. User As is usual with HackTheBox, I started with an nmap scan and discovered ports 22 and 80 open. Going to the web server on port 80 and looking around, I found an interesting link under ‘help’ that wouldn’t open. Turned out the link was this …
From 0 to Bug Hunter – My Journey
Seeing as I recently got my first bug report resolved and was even rewarded a bounty for it, I thought I’d tell how I got started on bug bounty hunting. Hopefully my story can serve as inspiration for other newcomers, and show that it is very much possible to become a bug bounty hunter these …
HackTheBox Heist
Heist is an easy Windows box on HackTheBox, however since I have very little experience with Windows, I found it rather difficult. User The usual nmap scan reveals the following ports are open: Port 80 presents a login page and a forgotten password link (/issues.php), which actually goes to a forum post with an attached …