Expanding your scope (Recon automation #2)

After we have gathered subdomains from various sources and by using some cool techniques, we proceed to our next step. Part #1 –A More Advanced Recon Automation #1 (Subdomains) Port scanning Yes I know, I […] Read More

A More Advanced Recon Automation #1 (Subdomains)

So you want to step up your recon game huh?Then you are at the right place. Recon automation can be really use full and if done right, it can save you lots of time. For […] Read More

H1-702 CTF ~ Write-Up

H1-702 CTF Introduction Start Dirbuster Readme Json Web Token Versioning Hidden Enumerate Final steps Introduction() My last two weeks being occupied began with this simple tweet from Jobert Abma. ‏ “Hackers, we’ve built a mobile […] Read More

RCE by uploading a web.config

TL;DR By uploading a web.config I was able to bypass the blacklist, which blocks files with an executable extension (such as ‘.asp’ and ‘.aspx’). After setting execution rights to ‘.config’ and then adding asp code […] Read More

ICU – Keep An Updated Database Of Your Assets

ICU  Is a tool to constantly keep an updated database with all your assets. It contains the program linked to the domain, the domain status, if the (sub)domain is in scope and more… Why? I […] Read More

Getting stack traces with limited SSRF (ASP.NET)

TL;DR  Most ASP.NET MVC sites have ‘customErrors’ on ‘RemoteOnly’, since this is default, which returns custom error pages outside of localhost (remote). But while on localhost, it returns the full error information including stack trace, […] Read More

How I discovered 1500+ test accounts

TL;DR  By using the search function in the mail with an empty search string, I retrieved all the usernames, for which I then checked if the password is the same as the username. By filtering […] Read More

H1-212 CTF ~ Write-Up

So Hackerone launched a new CTF. H1-202 (2017) CTF https://www.hackerone.com/blog/hack-your-way-to-nyc-this-december-for-h1-212 I wrote my write-up in a Github gist. Here you go:

Scroll Up