Blog
March 23, 2023
Hack The Box - Cyber Apocalypse 2023 - Writeups
Writeups for Hack The Box - Cyber Apocalypse 2023 - The Cursed Mission CTF.
ReadOctober 27, 2022
Hack The Box - Hack The Boo CTF Writeups
I participated in Hack the Box - Hack the Boo CTF and learned quite a few new tricks. So I have decided to do a writeup of the challenges.
ReadMay 22, 2022
Hack The Box - Cyber Apocalypse 2022 Writeups
I spent some time on Hack the Box - Cyber Apocalypse CTF 2022 and solved some very interesting challenges.
ReadApril 18, 2017
The Color Of My Hat
Somebody has to wear the black hat and give the audience someone to shake their fists at. They want someone to hate. And if that's what you want to pay me to do, I'm happy to do it! – Jane Elliot. If you're not familiar with the concept of Hats in hacking, you're probably at the wrong place.
ReadNovember 27, 2016
PHP Object Injection & Serialization Vulnerabilities
PHP Object injection vulnerabilities can be fairly hard to exploit in a black box penetration testing scenario. In this tutorial, I'm gonna show you guys how serialization vulnerabilities actually work in PHP.
ReadJuly 3, 2016
[WordPress] Real 3D Flipbook Plugin Exploit
Wordpress 3d flipbook vulnerabilities. Delete any file or directory from the server (Unauthenticated). Upload images in Root directory (Unauthenticated). XSS vuln.
ReadMay 7, 2016
ImageTragick Exploitation – CVE-2016-3714
ImageTragick is very simple to exploit. An end user can exploit this issue by simply uploading an image. It doesn't matter how secure your image uploader is
ReadFebruary 6, 2016
Blinded by the Light
Few days ago, a friend asked me to solve two SQL Injection challenges on WeChall. At first, I thought this would be some regular SQL injection but I was wrong. Actually, these were quite good with some tricky rules making a great case scenario. So, I've decided to do a write-up and blow some dust off my blog.
ReadNovember 9, 2015
[Exploit] vBulletin 5.1.x – PreAuth Remote Code Execution
vBulletin team has patched a critical object injection vulnerability in version 5.1.x, which can lead to Remote code execution. CVE-2015-7808 has been assigned to this vulnerability. The POC of this exploit was released by some guy on twitter after defacing the official portal of vBulletin using the same exploit.
ReadOctober 25, 2015
[Mass Exploit] Joomla 3.2 to 3.4 SQL Injection
You guys know how I love to automate stuff. So earlier today I decided to automate the SQL injection vulnerability in open source CMS joomla (3.2 to 3.4.4) found by Trust Wave Labs. CVE-2015-7297, CVE-2015-7857, and CVE-2015-7858 cover this SQL Injection vulnerability.
Read