This is a walkthrough of the Lame machine from HackTheBox. Folder Setup and Nmap Scan Results of the Nmap Scan Anonymous FTP Access Anonymous FTP is enabled. Use anonymous as the username when prompted. Simply press ‘Enter’ when prompted for the password without typing anything. Found nothing interesting. Type ‘exit’ to quit the FTP session. […]
Every pentester knows that exhilarating moment when they catch a reverse shell—only to lose it seconds later by pressing “Ctrl-C” out of habit. A fragile, one-time shell is a problem, especially when certain commands require a fully interactive terminal. In this post, we’ll go beyond the usual fixes and explore powerful methods—some well-known, some lesser-known—to […]
SQL Injection (SQLi) is a technique used to manipulate a web application’s database by injecting malicious SQL queries through input fields. Attackers can exploit SQLi vulnerabilities to extract data, modify database contents, escalate privileges, or even gain remote system access. This guide provides an in-depth look at SQLmap, an automated tool for detecting and exploiting […]
Introduction In the vast expanse of the digital world, where every packet tells a story, Nmap is the hacker’s reconnaissance tool of choice. Whether mapping networks, identifying vulnerabilities, or conducting stealth scans, Nmap is a must-have for ethical hackers and security pros alike. This cheat sheet covers the most effective Nmap commands for network discovery, […]
Gobuster is a powerful tool designed for web application penetration testing, specifically for directory and file brute-forcing. Key Takeaways Gobuster is a directory brute-forcing tool used for finding hidden web resources… Setting up Gobuster involves installing the tool, specifying the target URL… Choosing the right wordlist is crucial for maximizing discovery… Setting Up Gobuster for […]
Path Traversal to RCE: Bug Bounty Write-Up POC Path Traversal to RCE: Bug Bounty Write-Up POC Introduction Bug bounty hunting is all about persistence and creativity. This write-up documents my approach to a CTF lab that simulates a real-world vulnerability, inspired by this $40,000 bounty write-up by Abdullah Nawaf and Orwa Atyat. In this challenge, […]
Malware Development Roadmap Understanding Malware Development Malware development involves creating malicious software designed to infiltrate or damage computer systems. It requires a deep understanding of computer systems, programming, operating systems, networks, and exploitation of vulnerabilities. Motivations behind malware development include financial gain, espionage, activism, and personal vendettas. Types of malware include viruses, worms, trojans, ransomware, […]
