This machine is about business logic issues, a vulnerable framework and exposed credentials. To begin with, during registration I was able to change the role id via Burp Suite to make myself the admin and successfully log in to the admin page. Moving forward, the sub-domain found on the admin page leaked error details of a vulnerable PHP Laravel framework, and its APP_KEY hash was exposed. Exploiting that got me a low-privileged reverse shell. Through this shell, a user credential was found, which I used to log in and gain access. …
Here I have collated my Azure Fundamentals revision notes. This article is for anyone who wants to launch their career or business in THE CLOUD ;-)
This machine is running a web application on port 80 that is vulnerable to Server-Side Template Injection (SSTI). This attack can be used to directly attack the internal web server, resulting in remote code execution (RCE).
The web application running on this machine uses the Twig (PHP) template engine to embed dynamic content in web pages and emails. Using this web application, users can post comments after registering with the system. Since user input is not sanitized, the application is highly vulnerable to SSTI.
For privilege escalation, during enumeration it was found that the…
In this machine, I learnt to retrieve sensitive information from the Subversion version control system on open port 3690, via both the command line and its client application.
For the reverse shell, I had to spend some time understanding how the application works and how it could potentially be exploited. After some trial and error, I managed to get a reverse shell as the user.
The story doesn’t end here. I couldn’t retrieve the user.txt file via the shell I got. I had to escalate horizontally to another user to get the user.txt file. After digging through the information in the user…
Ghidra is a free and open-source software suite for reverse engineering executable programs (binaries), including mobile apps. Ghidra supports installation on multiple OS platforms, including Windows, Linux and macOS.
Here I’ve installed Ghidra on Linux.
sudo apt install openjdk-11-jdk
./ghidraRun
This will open up the Ghidra GUI.
Once Ghidra is up and running you’re all set to go!
In simple terms, symmetric key cryptography uses a single, shared key to perform both the encryption and decryption processes.
To encrypt a plaintext using a symmetric encryption algorithm, the simple steps include:
Damn Insecure and Vulnerable App (DIVA) is a deliberately vulnerable app designed to teach about the vulnerabilities found in Android apps. This article walks you through discovering some of those vulnerabilities and will be continuously updated as I complete more Android-related challenges.
Step 1. Extract the DIVA APK file from here.
Step 2. If you want to set up the Android lab using Android Studio, then visit my previous article here.
Step 3. Once you have the DIVA app running on your emulator, run jadx-gui in your Mac or Linux terminal if you want to review the source code in Java…
In my Red-Teaming Engagement article, I mentioned its methodology and the difference between Red Teaming and Penetration Testing. In this article, I’ll be focusing only on the cloud side of a Red Teaming engagement.
The chart below shows a high-level view of the shared responsibilities between the cloud provider and the customer for overall cloud security, since it can sometimes be tricky to understand what you can or cannot do during a pentest or red teaming exercise.
In my previous article I mentioned a few OSINT tools that can be used for passive reconnaissance. In this article I’ll be attempting some HTB OSINT challenges. OSINT is also one of the key skills essential during the Reconnaissance phase of a Red Team assessment.
Customers of secure-startup.com have been receiving some very convincing phishing emails, can you figure out why?
Note: Although the passive tools mentioned in this article are completely legal to use, they could still go against some organisations’ policies. Therefore always ensure you have their consent before attempting any reconnaissance.
Open Source Intelligence (OSINT) is the collection of data about an individual or an organisation that is publicly available, in the public domain and on the Internet.
OSINT is used during the early Reconnaissance phase of the Cyber Kill Chain.
Cyber Security Enthusiast || Aspiring Red-Teamer