Faculty Scanning : Starting Nmap 7.91 ( https://nmap.org ) at 2022-07-02 20:40 GMT Nmap scan report for faculty.htb (10.129.198.120) Host is up (0.18s latency). Not shown: 65532 closed ports PORT...

Methodology First of all you need to understand that CTF not always like real life senarios. You need to have a methodology only for CTFs. Begain with viewing the page source to see all the endp...

Title : All-in-One Video Gallery plugin <= 2.4.9 - Local File Inclusion (LFI) vulnerability Author: m19o Software : Wordpress 5.8.2 CVE : CVE-2021-24970 Poc : https://example/wordpress/wp-a...

Enumeration< ِNmap TIME!. ِِِAs you can see 80,22,8080 are open. Let`s start checking ِAfter some recon i didn`t found anything in 8080. ِBut i searched for megahosting exploit i f...

Methodology 1- Scanning 2- SMB Enumertion 3- Kanban Analysis 4- Config Manipulation 5- Exploit Remote Service 6- WCF Exploitation Scanning ┌──(m19o@pwning)-[~/m19o/HTB/sharp]└─# nmap -sV -v -p-...

Summary : 1 - Stealing admin's cookie with XSS 2 - Privilege escalation using a CVE 3 - Getting RCE 4 - Database Enumeration 5 - Password cracking 6 - Creating malicious pkg Scanning phase : ...

Methodology Enumeration by LFI Phpsessid and Jwt token forge unrestricted upload Database leak Binary file analysis Port forwarding Database dump with SQLMAP ┌──(root💀m19o)-[~/H...

Recon NMAP roott@kali:~$ sudo nmap 10.10.10.197 -sV -sC -p- -A Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-27 05:55 EST Stats: 0:17:15 elapsed; 0 hosts completed (1 up), 1 undergoing Scri...

Summary RCE in the Web application Pivoting Network analysis Custom Exploitation Domain Admin by Abusing Certifcate service Scanning nmap -p- -sV -sC -v -oA enum --min-rate 4500 --ma...

Scanning We found port 22 for ssh and port 8000,8080 for HTTP where port 8000 Let`s add jewel.htb in our hosts Enumeration Port 8000 port 8080 Let`s enumerate the BLOG! We found 2 user ...