Akash Pawar

79 Followers


Dec 25, 2020

Advance JSON Post Exploitation — CORS, CSRF, Broken Access Control

Hey folks, let's start with how to exploit a JSON body, which could lead to various vulnerabilities. Most of the time, when we see that the application is using a JSON body and an Authorization token in the header, we forget about CORS, CSRF and even Broken Access Control, but always remember…

Bug Bounty

3 min read


Apr 8, 2020

HTB: Walkthrough without Metasploit. ~[GRANDPA]

IIS 6.0 privilege escalation using impersonation. Machine IP: 10.10.10.14. 1. Scanning and Enumeration: doing a basic scan with Nmap will give the results below

Oscp

4 min read


Apr 1, 2020

HTB: Walkthrough without Metasploit. ~[LEGACY]

Let's go beyond access to the root flag. This machine is a Windows system that is vulnerable to an exploit called EternalBlue. EternalBlue is an exploit that allows cyber threat actors to remotely execute arbitrary code and gain access to a network by sending specially crafted…

Oscp

4 min read


Apr 1, 2020

HTB: Walkthrough without Metasploit. ~ [LAME]

Hello all, this is a great time to start OSCP preparation with the latest Hackthebox OSCP-like VMs. The first box we are going to solve is Lame, so let's start with the basics. Machine IP: 10.10.10.3. Scanning and Enumeration: doing a basic port scan with Nmap with…

Oscp

4 min read


https://www.facebook.com/0xVeera/
