WriteUp
Full Account Takeover Via UID Parameter One of the biggest mistakes that developers make is creating ID numbers or other elements in sequence, which can cause their products to be vulnerable to different vulnerabilities. π¨βπ» Read more
Full Account Takeover On A European Organization Full Account Takeover happens when the hacker has full access to any account on the targeted web application. He is able to access accounts, read any Private Information of the victims he wants, change email addresses and passwords, and even delete accounts. π¨βπ» Read more
Account Takeover via iFrame Injection Sometimes you find an XSS vulnerability on a target domain but you cannot inject your javascript codes because the target sanitizes payloads perfectly using black/white lists or stop them from doing their malicious jobs by using WAFs, but there are always different ways to bypass defending mechanisms, and it is only the matter of time and efforts. π¨βπ» Read more
Sniper's Writeup Sniper is a medium level windows box and its IP address is 10.10.10.151. To solve this box you need to use a windows machine or use wine tool in Kali linux. As always I scanned the target with Nmap: I usually scan all ports without any specific flag π¨βπ» Read more
Monteverde's Writeup Monteverde is a medium Windows box which let you to learn something new about Azure AD. Getting user flag wasnβt a big deal to me, but the root was a pain in the neck. I do nmap without any specific flag to scan all ports π¨βπ» Read more
Video
How To Work With ffuf ffuf is recognized as the fastest web fuzzer which is written in Go. You can use this great tool to fuzz directories, files, subdomains or even bruteforce usernames and passwords. Let's learn how to work with this great tool. πΊ Watch
How To Work With WFUZZ Wfuzz has been created to facilitate the task in web applications assessments and it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. πΊ Watch
How To Install Evilgrade Evilgrade is a tool which allows hackers to inject malicious updates of softwares to the victimsβ machines. In this video I show you how to install Evilgrade on Kali Linux machines. πΊ Watch
How To Fix "Network Is Unreachable" Error? Sometimes when you start using a new interface you lose your network connection and face the error πΊ Watch
Article
Ways Of Saving Outputs In this post I mention stdout and stderr a lot, so first we need to know what they are: Stdout is short for standard output, which is the default data stream for output. Stderr or standard error is another output stream typically used by programs to output error messages. π¨βπ» Read more