curl Quick Tutorial – Everything You Need to Know
Complete curl tutorial: send HTTP GET and POST requests, interact with JSON API, send files, use custom HTTP headers, download files, etc.
web
Solving Lookup – TryHackMe Challenge Writeup
Complete walkthrough of Lookup room on TryHackMe: form brute-forcing, elFinder CVE and 2 Linux misconfigurations lead us to the root flag.
Solving Basic Pentesting – TryHackMe Challenge Writeup
Full walkthrough of the TryHackMe Basic Pentesting room: web enumeration, SMB usernames, SSH access and SSH private key brute-force.
RootMe Writeup – Full TryHackMe CTF Solution
Full walkthrough of RootMe: reconnaissance, getting a PHP shell then a reverse shell, and elevating our privileges through a SUID misconfiguration
Corridor Writeup – TryHackMe IDOR Challenge
Full walkthrough of the Corridor Challenge on TryHackMe. We find the flag by exploiting IDOR through a MD5 id in the URL of the web app.
Lo-Fi Writeup on TryHackMe – File Inclusion
This writeup covers the solution of Lo-Fi room on TryHackMe. A PHP File Inclusion along with path traversal allow us to read the flag.
TryHackMe “Agent T” Writeup – Easy Challenge
Writeup of TryHackMe challenge “Agent T”. We exploit the backdoored version of PHP 8.1.0-dev to get Code Execution and read the flag.
Lazy Admin Writeup – TryHacKme Challenge
In this post, we solve the Lazy Admin CTF from TryHackMe by exploiting 2 CVE of SweetRice CMS and a sudo misconfiguration to get root.
wafw00f – Detect WAF (Web Application Firewalls)
In this tutorial, we’ll see how to use wafw00f, a Kali Linux pentesting tool, to detect WAF (Web Application Firewalls) used by websites.
whatweb Tutorial: Identify Website Technologies
whatweb is a Linux pentesting tool that detects the technologies and frameworks of websites: HTTP servers, CMS like Wordpress, Javascript, etc.