Hello Hunters, If you don’t know me, I’m 0xanas. I’m a junior penetration tester and bug hunter on HackerOne. I want to tell you about my first IDOR vulnerability that I discovered, and I hope that my explanation is easy for you to understand. What’s IDOR vulnerability? An Insecure Direct…

Hi everyone, I’m a web pentester and I play CTFs sometimes. Recently, I participated in the Wargames 2023, where I managed to solve three challenges: one easy and two medium. Now, let me share the walkthroughs that I used to solve these challenges. N1 (200 point)

Comparison (100 point) After connecting to the challenge, I found a PHP code that describes the presence of a text parameter. In order to obtain the flag, one must correctly input the value of the parameter, as shown in the following image.

Hello folks , Welcome to 3rd installment of my Kioptrix series. If you’re interested in other parts check Kioptrix1 and Kioptrix2 , Let’s pwn kioptrix3 Installation You can download kioptrix3 as you can andsetup it in VMware or vireualbox , don’t forget to make the network adapter of kioptrix3 and your…

Hello folks. This lab is talking about the insecure deserialization, and while I was solving this lab, I discovered that it has a slightly different solution from the well-known and written solution in the lab, so I decided to write about the two methods so that someone might benefit from…

Welcome back It’s time for level 2 . This write-up is for those who’re preparing for the OSCP exam , and to improve my documentation skills along the way . Follow along. Machine link : Kioptrix level 2 My Methodology : (IP address — Service Enumeration — Web server enumeration — SQLi…

Hello guys , This is the easiest machine on VulnHub , So i decided to solve it to share knowledge with you and i hope you like my methodology The machine will learn you how to scanning open ports using Nmap and how to exploit the vulnerable services on these…

What is OWASP foundation? The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. …

Let’s hack Task1 : Deploy the machine