Categories

One big thing I plan to do is to get started in Bug Bounty, but before becoming the Boba Fett of the code I have to learn the whole methodology of Bug Bounty. So I will summarize the video “Bug Bounty Hunter Methodology v3” by Jason Haddix (JHaddix) : https://www.youtube.com/watch?v=Qw1nNPiH_Go. B…

As always with a new Machine, let’s enumerate open ports with nmap : As a result, we can see that there is a Apache webserver on port 80, but after analysing and scanning it we know that there is nothing interesting in this place. On the other hand, there is a MiniServ 1.910 server installed on por…

Let’s start another CTF on HackTheBox, the name of the machine is Traverxec and it’s rated as difficulty easy. Before starting anything, we already can guess what kind of exploit we are going to face just by the name of the machine. Traver reminds of Directory Traversal exploit, and xec reminds of …

Ready for a new machine ? Let’s start with open ports enumeration : As a result, we can see that there is a Apache webserver on port 80 : Let’s run dirbuster against the webserver to see if we can find some interesting directory : So we can see that there is a /ona/ and /ona/login.php directorie…

I just create my account on HackTheBox [https://www.hackthebox.eu/], so let’s begin with web challenge and with the one called Lernaean. This challenge is only worth 20 points, so it should be an easy one... The only description we have before starting the challenge instance is : > “Your target i…

Let’s start a second web challenge on HTB, this one is called Emdee five for life. It’s only worth 20 points too, so it should be an easy one... The only description we have before starting the challenge instance is : > Can you encrypt fast enough? After starting the challenge instance, we land on…

Ready for a new challenge ? Let’s rock the one named Grammar, this time it’s a 70 points challenge. As the description says : > When we access this page we get a Forbidden error. However we believe that something strange lies behind... Can you find a way in and retrieve the flag? So this Forbid…