StreamIO was a medium AD box, it involved exploiting sql injection which was filtering the common payload so sqlmap wasn’t the way for exploiting it, after manually dumping the hashes and brute forcing them on login page it found a valid user yoshide, which had access to management of the…

For bypassing jailbreak detection I will be showcasing it through DVIA-2 , which is a vulnerable iOS application that teaches about various vulnerabilities and how to abuse them, I already have a jail broken iphone (I’ll cover on how to jailbreak an iphone hopefully) and it’s complicated, mostly ios is…

Winja CTF ran from 9th September 10:30 AM IST to 17:00 PM IST, it had a lot of fun challenges and categories but I was only able touch Active Directory and in this category there were only 3 challenges. …

flAWS 2 is the continuation of fLAWS CTF which is focused for teaching about AWS (Amazon Web Services) pentesting, which introduces issues in Lambda and ECR and to exploit them, it’s hosted on http://flaws2.cloud/ so we don't need to setup anything for AWS. …

Noter was a medium rated machine which involved user enumeration through login error messages which lead lead to modifying the flask session by brute forcing the secret key with flask-unsign allowing us to login, from the dashboard we can get credentials of ftp giving us access to the source code…

flAWS is a CTF focused for teaching about AWS (Amazon Web Services) pentesting, which introduces issues in AWS and to abuse them. In AWS pentest we won’t find any CVE or do actual exploitation, we’ll mostly find mis configuration like un-authroized access to S3 buckets, finding AWS access keys, using…

Talkative was a hard rated machine, this involved exploiting Rj editor a plugin available Jamovi, giving us the ability to execute commands which was running inside a docker container, from there the credentials for bolt’s admin user were found allowing us to perform remote code execution, landing again into a…

Timelapse was an easy rated windows machine which involved enumerating SMB shares from where we’ll find a pfx certificate which was password protected, on cracking will reveal that it belongs to legacyy user which can be used on WinRM over SSL running on port 5986 , having a shell we…

Whenever we’ll get a reverse shell, it’s mostly spawned by creating a new separate process, if that process gets killed, could be because of the target machine or the victim may kill the process by closing the application our reverse shell will die So this is where the technique of…