THM

Active Reconnaissance

Steps We start with a simple ping to the target IP to check if we can connect to it and that it can reply back to …

May 18, 2025 Read More

Authentication Bypass

Username Enumeration Let’s say that we have a web site http://10.64.156.171/customers/signup and we want …

May 18, 2025 Read More

File Inclusion

Path Traversal If the input isn’t filtered we can start pivoting through the paths until we can reach …

May 18, 2025 Read More

IDOR

IDOR This is a type of access control vulnerability where the website puts too much trust in user input …

May 18, 2025 Read More

Intro to Cross-site Scripting

Definition XSS is a type of injection attack that tries to execute malicious JavaScript code on target’s …

May 18, 2025 Read More

Intro to SSRF

Definition Server-side Request Forgery allows a malicious user to cause the webserver to make an additional or …

May 18, 2025 Read More

JavaScript Essentials

Variables We can declare variables in three ways 1. var (function scoped) 2. let (block scoped) 3. const …

May 18, 2025 Read More

Linux Privilege Escalation

Definition At its core, Privilege Escalation usually involves going from a lower permission account to …

May 18, 2025 Read More

Metasploit Exploitation

Scanning We can perform an nmap scan inside and we can search for specific scanners to apply our attack …

May 18, 2025 Read More

Metasploit Introduction

What is Metasploit? The Metasploit Framework is a set of tools that allow information gathering, scanning, …

May 18, 2025 Read More

Metasploit Meterpreter

Definition Meterpreter runs on the target system but is not installed on it. It runs in memory and does not …

May 18, 2025 Read More

Moniker Link

What was the problem with Outlook? Outlook parses emails in HTML format. So if there is a hyperlink that …

May 18, 2025 Read More

OWASP API Security Top 10

Definition API: stands for Application Programming Interface; here the application refers to any script that has …

May 18, 2025 Read More

OWASP API Security Top 10 - 1

Telnet A Telnet server uses the Telnet protocol to listen for incoming connections on port 23. Could be spied …

May 18, 2025 Read More

OWASP Top 10 2025 Application Design Flaws

AS02: Security Misconfigurations Security misconfigurations happen when systems, servers, or applications are …

May 18, 2025 Read More

OWASP Top 10 2025 IAAA Failures

Definition IAAA is a simple way to think about how users and their actions are verified on applications. Each …

May 18, 2025 Read More

Passive Reconnaissance

Steps First we start with a simple whois command to learn more about the registrant or the registrar so we …

May 18, 2025 Read More

Pickle Rick

This Rick and Morty-themed challenge requires you to exploit a web server and find three ingredients to help …

May 18, 2025 Read More

Principles of Security

CIA Triad Confidentiality: the data is altered by authorized people only Integrity: the data isn’t …

May 18, 2025 Read More

Race Conditions

Definition The main vulnerability lies where multiple threads could be working on a shared resource without …

May 18, 2025 Read More

Shells Overview

Reverse Shell First we need to start a listener for the reverse shell nc -lvnp 443 # -l to listen # …

May 18, 2025 Read More

SQL Fundamentals

Database Types Relational Database Non-Relational Database Structure Relational Database Primary key is the …

May 18, 2025 Read More

SQL Injection

Definition The point where a web application using SQL can turn into SQL Injection is when user-provided …

May 18, 2025 Read More

SQLMap The Basics

sqlmap -u http://sqlmaptesting.thm/search/cat=1 this command helps us to test different types of injection for …

May 18, 2025 Read More

Web Application Basics

What is a Uniform Resource Locator (URL) Scheme either http or https (most common) user field is rare nowadays …

May 18, 2025 Read More

What the Shell?

Stabilizing Netcat Reverse/Bind Shells Netcat shells are inherently unstable: non-interactive, no arrow …

May 18, 2025 Read More
