If you are looking at an XSS within a hidden input this post may help you with a proof of concept. The first way of getting that proof of concept is from an article posted in the PortSwigger blog. https://portswigger.net/blog/xss-in-hidden-input-fields. The browser ignores the JavaScript events such as onclick and onmouseover. So the context of …
Category Archives: Security
A hostile subdomain takeover!
Hello again! It has been a while since I have written anything here. I’ve been quite busy as I moved to Australia and it took me a while to settle down. I am grateful to have the opportunity to work with some of the best offensive security consultants and hope to add some more content and …
Lateral Movement with SMBRelayx.py
Lateral movement, from a cybersecurity perspective, is the movement of a threat or malware from one compromised host to another. Traditionally, worms utilized these techniques to spread across a network. Nowadays, ransomware employs these techniques to spread and cause havoc, encrypting systems connected over shared folders. However, in the case of an APT these techniques are used to identify …
HackIM2017 CTF - Web Challenges and solutions (part-4)
Solving Web400 Challenge Accessed the Web4 challenge and we are given a new hint! Hints are back!! 🙂 Possibly a crypto challenge ahead from a martian!? Right, so going into the link we find that there is a captcha along with a login. View source gives away the “partial” password and it's 69 characters long. Also, there …
HackIM2017 CTF - Web Challenges and solutions (part-3)
Solving Web300 Challenge There was a sudden absence of a hint here! OK, so I viewed the source. Nothing. Hmm! I had an ominous feeling starting this one. Accessed the web page and it appeared to be a command line injection attack. Trying a couple of variations with http://54.89.146.217/?cmd=ls and no …
HackIM2017 CTF - Web Challenges and solutions (part-1)
NullCon 2017 is around the corner, Feb 28th – March 02. It has some really good talks, workshops and trainings lined up with many industry experts from around the world. Another note about NullCon is the CTF before NullCon, often hosted over ctf.nullcon.net. This time I participated in the web challenges and got up to web400. For …
A Simple CTF walk-through (Hack.me)
eLearnSecurity hosts a sandbox website named “Hack.me”. This website is a great playground to sharpen skills in web application security. I tried a few of their sandbox challenges and felt this simple CTF was quite cleverly built. It helped me get up to speed on simple PHP concepts. I’m going to start with the walkthrough for this challenge. I strongly suggest …