-
Flagsmith – Remote config and feature flag management
A while back, I wrote a post about feature toggle management using Unleash. However, on exploring more about managing features, I came to know about Remote Config by Firebase. Basically, the core concept is similar, with the major difference being the priority. In Feature toggle, we keep track of features and manage them using… Continue reading
-
Writeup – HackMyVM’s Dejavu Walkthrough
Dejavu is an easy machine from HackMyVM by the user InfayerTS. The machine includes basic vulnerabilities. First of all, we find a path from a page’s source. Then, we have a file upload area that misses an extension to filter out. Similarly, we also have a directory for the uploads. However, there are restrictions to… Continue reading
-
Decode from HackMyVM – Full Walkthrough
“Decode” is an easy machine from HackMyVM by the user avijneyam. This machine requires some common sense to gather information. The enumeration is fairly easy. The enumeration starts by looking at the robots.txt file. We have some hints there about the next vulnerability. Then, we have to find a file that contains the password of… Continue reading
-
Pingme Writeup from HackMyVM – Walkthrough
Pingme is a new machine from HackMyVM by a friend rpj7. This machine is actually very nice if you try the intended way to get the shell. There is another vulnerability (dirty pipe) in the machine as well (which is unintended as the author released the machine before the exposure of that vulnerability). That one… Continue reading
-
Blog Writeup from HackMyVM – Walkthrough
“Blog” is an easy machine from HackMyVM by d4t4s3c. If you have done many machines, this is a piece of cake. If you are new, I definitely suggest you do it on your own. The enumeration starts with enumerating the directories and finding a special blog. It has a file upload vulnerability and one can… Continue reading
-
HackMyVM – Platform for Vulnerable Machines
If you are just starting into pentesting or if you are an expert in it, you should definitely know about HackMyVM. HackMyVM is a platform created by sML around 2020. This is similar to another platform called Vulnhub. In this post, I will try to cover as much as possible about it and my involvement… Continue reading
-
Writeup of University from HackMyVM – Walkthrough
University is an easy machine from the HackMyVM platform. The author of the machine is SML. The machine’s main exploit is insecure file upload leading to remote code execution. The machine is fairly easy. “Writeup of University from HackMyVM – Walkthrough” Link to the machine Step 1: ARP Scan As usual, my enumeration began with… Continue reading
-
Feature Flag and Toggle with Unleash
In the realm of modern project development, you often find yourself immersed in intricate scenarios. Picture this: you’re in the midst of a project when a brilliant idea for a new feature strikes. However, rather than immediately diving into development, your instinct leads you to explore and experiment first. Similarly, you may encounter situations where… Continue reading
-
Preload – Writeup – HackMyVM – Walkthrough
Preload is an easy machine by my friend avijneyam from the HackMyVM platform. There are only two exploits one needs to understand to get to the initial root of the machine. Also, there are error messages in the web app that help us proceed forward. If you like my writeups, please consider tipping me in Ko-fi.… Continue reading
-
Area51 – Writeup – Log4Shell – HackMyVM
Area51 is an easy machine built on the recent 0-day vulnerability of the Log4j utility. This is one of the vulnerabilities that had a lot of impact worldwide and affected many enterprises. I would also like to extend a huge thanks to the author bitc0de for this. The machine is fairly simple once we get the… Continue reading