s4yhii's Blog

Cyber Apocalypse 2024 - 4x Web Challenges Writeup

I participated as a member of team CibersecUNI. In the web category we solved 6/9 challenges as a team. In this writeup I will go through the ones that I have solved: Testimonial Labyrinth Li...

Web Cache Poisoning Techniques

Web cache poisoning: Web cache poisoning is not web cache deception, response splitting or request smuggling. Web cache deception: tricking caches into storing sensitive information so the atta...

Cloudgoat rce_web_app scenario

Cloudgoat RCE_WEB_APP Scenario Introduction CloudGoat is a training and learning platform developed by Rhino Security Labs to help individuals and organizations understand the risks and vulnerabil...

Vulnerabilities in Python Code

OS Command Injection Vulnerable Example The following snippet contains a Flask web application written in Python that executes the nslookup command to resolve the host supplied by the user. @app...

HackTheBox Web Challenges

Templated. Difficulty: easy. Description: Can you exploit this simple mistake? Solution: First we visit the site and see that it uses jinja2; this template is susceptible to SSTI attacks. We s...

Os Command Injection Labs

OS command injection allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application, and typically fully compromise the application and all its ...

Cyber Apocalypse 2023 2x Web Challenges Writeup

Kryptos Support: Checking the web page of this challenge gives a form to send an issue, and an admin will review that issue. So it's interesting, maybe the admin will click on that issue and we can...

Cross Site Scripting (XSS)

Cross-site scripting, known as XSS, is a web vulnerability in which malicious scripts are injected into benign and trusted websites. XSS occurs when an attacker sends malicious code in any user input fi...

Directory Traversal Labs

Directory traversal, also known as file path traversal, allows an attacker to read arbitrary files on the server. In some cases an attacker might be able to write arbitrary files on the server, allowing them to modify application ...

Broken Authentication

Authentication is the process of verifying the identity of a given user or client. In other words, it involves making sure that they really are who they claim to be. There are three authentication ...