The HackerOne x TryHackMe CTF presented some brilliant web challenges to develop PHP hacking skills. In this post, I will be explaining each of the vulnerabilities and initial exploitation methods for the boxes, ranging from easy, to hard. The room can be found to

Within the following post, I decided to take a dive into the realm of Social Engineering, to follow up on a subject that I have always been interested in: the science of subliminal manipulation and influence. Throughout the post, we will be specifically looking

This is one of the hardest rated web challenges on the 247CTF platform. The challenge consists of exploiting an XSS that allows an unauthenticated user to access internal, private parts of the application, such as a vulnerable search form. This form can later be

Adminer (formerly phpMinAdmin) is a full-featured database management tool written in PHP. Conversely to phpMyAdmin, it consist of a single file ready to deploy to the target server. Adminer is available for MySQL, MariaDB, PostgreSQL, SQLite, MS SQL, Oracle, Firebird, SimpleDB, Elasticsearch and MongoDB.

Baby SQL has to be one of my favourite challenges from makelaris, he hit the nail on the head in terms of creativity and also learning a new technique that may come in handy. In this writeup, we will learn to bypass addslashes(), abuse

I recently checked my 247ctf account to see if any new challenges had been posted and spotted a new web challenge called "Acid Flag Bank". I decided to give the challenge a go, and made a writeup as I played along. After reading the

Who do you think this course is for?I would definitely recommend this course for anyone looking to further their web knowledge and code analysis skills. I had never done SAST before this course, as my job doesn't require much of it, although I

This is some research I developed for OnSecurity base around finding vulnerabilities in open source applications. In the post, I cover setting up a test environment, SAST, payload development and much more. What is the product and why this product?Navigate CMS is "a

Experience is invaluable, paid or not At a younger age, it will be harder to get paid experience, especially in such a competitive industry. Although, in an industry of this nature, experience is essential. Knowing how to manoeuvre in a professional environment is a

I recently got approached by my favorite CTF platform to produce a challenge for them. Of course, I wasn't going to say no, so I decided, while I produced a challenge, I would also squeeze a blog post out of it, and demonstrate my

This is some research I developed for OnSecurity based around SQL Injections throughout multiple PostgreSQL clauses. This post covers bypass methods, example data exfiltration methods, and quick, easy to use payloads that will make the application sleep if it is vulnerable, so you can

This challenge is one of the basic pwn challenges from 247CTF. For this challenge, I recommend installing peda, and making sure ASLR is turned off on your machine before starting. chiv@Dungeon:~/247ctf/executable_stack$ checksec ./executable_stack [*] '/home/chiv/247ctf/executable_stack/

This challenge has to be by far one of my favourite on the platform. Not only was it great fun to play, it was also a really well made challenge. I went down multiple rabbit holes, made progression, slowly, but steadily. Analysisfrom flask import

EnglishSlide one SQL Injection is a server-side vulnerability that occurs when user input is inserted into a query, without any kind of validation or sanitization. The query is then passed to a database. The fact that the user controls a certain part of the

EnglishSlide one A reflected XSS is a vulnerability that allows an attacker to inject malicious JavaScript code into a victims browser via an input point to the server, such as the directory, GET parameters, POST parameters... etc. This means that if we are exploiting

EnglishSlide one An XML External Entity (XXE) is a type of attack that targets applications that parse XML data but are not correctly configured. This may lead to "external entities" being called using the XML, this basically allows for resources that are located somewhere

DISCLAIMER I HAVE NOT YET STARTED THE OSWE COURSE, THESE ARE MY PREDICTIONS / STEPS TAKEN TO PREPARE FOR THE COURSE AND EXAMINATION I recently registered for the OSWE (Offensive Security Web Expert) course that is offered by Offensive Security. It is the next step

247CTF is an amazing platform that provides CTF challenges that are available 24/7, with categories ranging from web, to binary exploitation, and from networking to cryptography. It’s personally one of my favourite platforms, and it is extremely entertaining / educational. In this post

This is a recollection of links and resources I have found / been told about over the years. I developed this post in the hope to map out good resources in the industry, facilitating the spread of knowledge, no matter the skill level. If any

In this post I will be writing up challenges 0-4 from the Narnia series on OverTheWire, with the best explanation I can come up with for each, so someone that has no understanding of pwn, can get a base, and play the challenges for

DisclaimerThis is just my understanding of what I read throughout the book. It may not be perfect information, and I advise you to do your own research on anything that is not properly understood or seems "off". Preflight requestsA preflight request is a small

Recently we had our first edition of the TMHC CTF Competition, and one of the challenges was called Shitter (a play on twitter). The challenge was based on a special case of SQL injection, and I thought it would be a good development topic

This is some research I developed for OnSecurity based around Jinja2 Server Side Template Injections. In the post, I cover setting up a test environment, bypasses, payload development and much more. What is a SSTI? A server side template injection is a vulnerability that