Lithonn

Wide Recon: A Simple Guide to Effective Reconnaissance

In the world of ethical hacking and bug bounty hunting, it’s crucial to gather information effectively. Reconnaissance, or “recon,” is a vital step in understanding a target and finding potential w...

CSRF 101

What is CSRF? Cross-Site Request Forgery (CSRF) is a web security vulnerability that tricks a user into performing an action on a website that they didn’t intend to perform. For example: A us...

Defending Against XSS Attacks: Strategies and Best Practices

In this article, I’ll delve into the art of recognizing and defending against XSS attacks, drawing from my own experiences. At present, a plethora of payloads exist for launching XSS attacks, and ...


HTB Writeup: Active

Information: Active is an easy to medium difficulty machine, which features two very prevalent techniques to gain privileges within an Active Directory environment. Name: Active, OS: Windows, Difficulty...

How to deliver files during exploitation

Includes scripts and commands to quickly transfer files to and from a remote server. Server side: PHP web server, FTP server, SMB server. Windows client: HTTP download, upload ...


HTB Writeup: Derailed

Information: Do you want Wrecked Badges? Name: Derailed, Release Date: 19 Nov 2022, OS: Linux, Difficulty: Insane, Vulnerabilities: Arbitrary File Read, Remote Code Execution, OS Command Injection, Buffer Overf...


Introduction to the buffer overflow vulnerability

What is a buffer overflow? A buffer overflow (BOF) is a vulnerability that occurs when a program stores more data in a block of allocated memory than that block can hold. Writing outside the bounds of...


Heap Exploitation: Heap introduction and Use-After-Free vulnerability

This blog post contains what I’ve learned about heap concepts and exploit techniques. I’ve gathered this knowledge after doing thorough research, using the sources mentioned below. References: ...


HTB Writeup: Agile

Information: Name: Agile, Release Date: 4 Mar 2023, OS: Linux, Difficulty: Medium, Vulnerabilities: LFI, Misconfiguration, Languages: Python. Enumeration: Nmap `msplmee@kali:~$ nmap -p- --min-rate 10000 10.10.11.203` ...


HTB Writeup: TwoMillion

Information: TwoMillion is an Easy difficulty Linux box that was released to celebrate reaching 2 million users on HackTheBox. Name: TwoMillion, Release Date: 7 Jun 2023, OS: Linux, Difficulty: Easy, Vulnerabilit...