Damaidec: POV HTB Writeup. POV is a medium box machine which had a path traversal issue. After utilizing this issue to read the “web config files” this opens an attack… (Jun 8)
Damaidec: How I passed my CRTP Exam. In this blog I will be giving tips on how to pass CRTP, what to expect in the laboratory and the exam, and pros/cons. (Dec 9, 2023)
Damaidec: HTB Snoopy. The machine was really challenging and fun; it starts with an LFI to read the DNS config file, which will allow you to modify the DNS entry… (Sep 23, 2023)
Damaidec: HTB Soccer. The machine is about a tinyfilemanager exploit for gaining initial access, and once you gain initial access you will see another subdomain and… (Sep 21, 2023)
Damaidec: HTB Flight. The machine is about stealing NTLM hashes via LFI, and SMB afterward there's also some common AD misconfig such as reusable password after… (May 6, 2023)
Damaidec: Subdomain Take Over on Azurewebsite. Recently I managed to find a subdomain takeover on azurewebsite on a private program on hackerone. (May 2, 2023)
Damaidec: HTB Investigation. The machine consists of exploiting exiftool to gain a reverse shell; afterwards you will need to extract some evtx file on an email and then we… (Apr 24, 2023)
Damaidec: Cyber Apocalypse 2023 writeup. This year CA CTF was really good and I can definitely say it was beginner friendly, especially the pwn challenges as it helps new players to… (Mar 23, 2023)
Damaidec: Firebase Exploit bug bounty. Recently I managed to exploit a read/write permission on Firebase but unfortunately it was marked as not applicable; honestly it was also… (Nov 27, 2022)