Hannah Walkthrough From HackMyVM – Writeup

The first machine on the platform HackMyVM is a very easy machine authored by the user smL. This machine simply features basic enumeration and bruteforcing. Once we get the password of a user, we can log into the system. Then, we need to abuse the writable path vulnerability in the system. Once we do that, […]

HackMyVM – Fianso Walkthrough – Writeup

HackMyVM has come up with a new vulnerable machine whose author is cromiphi. The machine is of medium difficulty, although you can consider it hard depending on your experience. The machine includes an SSTI vulnerability in the web server that leads to the user flag. Right after this, it includes a script that requires us […]

Opacity Walkthrough from HackMyVM – Writeup

Opacity is a new machine from the platform HackMyVM. The author of the VM is mindsflee. The VM includes vulnerabilities like insecure file upload, remote command execution, insecure file permissions, exploiting cronjobs, etc. In this post, I will describe all the steps starting from identifying the IP address of the target to finding the root […]

Access control mechanisms in software

Developing a secure system requires robust authentication and authorization implementation. While authenticating users might not take much effort, the authorization aspect can get complicated. This is especially true if the application has various kinds of users. In this article, we will look into two major types of access control mechanisms, ABAC (also called CBAC) and […]

Amplitude react native integration and example analytics

In the previous post about Mixpanel, I gave a brief introduction about what analytics is and how to integrate Mixpanel with React Native. I will do Amplitude React Native integration and example analytics for the same project in this post. So, it would be best if you looked into that post before diving into this […]

Analytics using mixpanel react native

It’s essential to have analytics in your app if you need help with your product decision. Not only does it give us an insight into how users are using our app but also helps us decide to experiment with different features. So, this post is the continuation of my previous posts about remote configuration and […]

Flagsmith – Remote config and feature flag management

A while back, I wrote a post about feature toggle management using Unleash. However, on exploring more about managing features, I came to know about Remote Config by Firebase. Basically, the core concept is similar, with a major difference being the priority. In Feature toggle, we keep track of features and manage them using […]

Writeup – HackMyVM’s Dejavu Walkthrough

Dejavu is an easy machine from HackMyVM by the user InfayerTS. The machine includes basic vulnerabilities. First of all, we find a path from a page’s source. Then, we have a file upload area whose filter misses an extension. Similarly, we also have a directory for the uploads. However, there are restrictions on certain functions, making it difficult to get a reverse shell.

Decode from HackMyVM – Full Walkthrough

“Decode” is an easy machine from HackMyVM by the user avijneyam. This machine requires some common sense to gather information. The enumeration is fairly easy. The enumeration starts by looking at the robots.txt file. We have some hints there about the next vulnerability. Then, we have to find a file that contains the password of one of the users.

Pingme Writeup from HackMyVM – Walkthrough

Pingme is a new machine from HackMyVM by a friend rpj7. This machine is actually very nice if you try the intended way to get the shell. There is another vulnerability (dirty pipe) in the machine as well (which is unintended as the author released the machine before the exposure of that vulnerability). That one […]
