‘Networked’ is rated as an easy machine on HackTheBox User The usual nmap scan revealed the following open ports: Running gobuster on port 80 revealed a few endpoints, the most interesting one being /backup which had a tarred backup file which included all the PHP files the server was running on port 80. Running those …
‘Haystack’ is rated as an easy machine on HackTheBox. USER Running nmap on the machine showed that only a few ports were open, with http running on both port 80 and 9200. Visiting port 80 revealed a very simple page with an image and nothing else. Gobuster didn’t reveal any other endpoints on this port, …
‘Writeup’ is rated as an easy machine on HackTheBox. User As always, I started with an nmap scan which revealed two ports open, port 22 (SSH) and port 80 (HTTP). Visiting port 80 showed a very simple page and nothing else. No links, nothing. Well, except for a warning that I’d be banned if I …
Today I’m going to write how to get the answers to the security answers for the lost password functionality in OWASP Juice Shop. While there’s no achievement for this, it is a very good exercise that teaches both SQL injection, code diving and cracking. In order to reset a user’s password, 2 things are required: …
The OWASP Juice Shop is a vulnerable web application to train web application hacking on, much like OWASP WebGoat which I’ve already covered on this blog. Without spoiling too much, the login form is vulnerable to SQL injection, and it is possible to dump the database from here. I’ll cover the detection of the vulnerability …
On the 26th of February HackerOne announced ‘the biggest, the baddest, the warmest’ CTF, with an incredible price of 10.000 US$. Being a beginner hacker my first reaction was: ‘with that kind of price, I’ve no chance in hell to solve it!’. However, since I love playing CTFs I took a shot anyway. This is …
One of the simplest ciphers is the Caesar cipher, also called the shift cipher. It works by shifting each letter in the alphabet n positions to the right, mapping it to a different letter. For example, using ‘rotation 13’, a is shifted 13 positions to the right, corresponding to the letter n. What happens to …
The WebGoat XXE (XML External Entity) section has 3 exercises. The first 2 are pretty easy, the last one quite difficult. So without further ado, let’s get to it! Exercise 3 In this exercise you are asked to list the contents of the root file system directly in a comment using XXE. For this, you …
The OWASP WebGoat SQL Injection Mitigation lesson 8 is another blind SQL exercise, very similar to the SQL advanced lesson 5. Actually, I solved it with a similar technique to that one. The goal is to find the IP of the webgoat-prd server, which is not listed on the page. Try sorting the entries via the …
Last week I wrote about the OWASP WebGoat XSS lessons. Today I’d like to write a few pointers on how to solve the SQL injection (advanced) lesson 5. The goal is simple: you are presented with a login box and given a username; log in as that user. The usual username’ OR ‘1’=’1 — unfortunately doesn’t …