Vulnerable RESTaurant API

Introduction I applied for the HackingAPIsWithDami challenge, and in the first week we were given some courses and the Vulnerable RESTaurant API Lab to test our hands-on skills. The lab and installation guide can be found here: Vulnerable RESTaurant API. NB: I hosted mine locally on ubuntu_server:8080, so the base URL in this write-up may differ from yours. In this write-up, I will be exploiting the API step by step and mapping each vulnerability to the OWASP API Top 10, including practical remediation strategies. ...

February 19, 2026 · 12 min · Appiah Bismark

Mastering SSRF | Solving all Portswigger Labs

Server-Side Request Forgery (SSRF) is a vulnerability that allows attackers to send requests on behalf of a server. During an SSRF, attackers forge the request signatures of the vulnerable server, allowing them to assume a privileged position on a network, bypass firewall controls, and gain access to internal services. In this write-up, we will explore how to find some basic SSRFs and also how to bypass some SSRF protections. LAB 1: Basic SSRF against the local server Objective: This lab has a stock check feature which fetches data from an internal system. To solve the lab, change the stock check URL to access the admin interface at http://localhost/admin. ...

November 2, 2025 · 6 min · Appiah Bismark

How I Hacked A Vulnerable Bank Application

Introduction Good day hackers, welcome to my blog again. In this write-up I will take you through how I was able to exploit an intentionally Vulnerable Bank Application by Ghost St. Badmus, one of the best Application Security Engineers in the industry. You can find the lab here: Vulnerable Bank Application 🏦 or vulnbank.org. Authentication & Authorization Vulnerabilities SQL Injection in login The first thing we will see when we access the application is the Login/Register page; we will try logging in with a simple SQLi payload to see if the application is vulnerable to SQLi. After using ‘or 1=1- - as the username and pass as the password, we were logged in as the admin. ...

June 14, 2025 · 7 min · Appiah Bismark

WebHacking-Recon Techniques

Introduction Hello Hackers, hope you’ve been grinding hard and ethically? It’s been a while. In this write-up I will share some Reconnaissance techniques that will help you to succeed in your bug bounty or Web Application Hacking. As we all know, Recon is a crucial stage in hacking: exploiting a target system is quite easy if you know much about the system and how it works (hence my philosophy: 80% recon, 20% exploitation). Enough talking, let’s get our hands dirty!! ...

May 13, 2025 · 9 min · Appiah Bismark

How to set up Metasploitable Lab for Web Hacking

Hey there! It’s been a while. In this write-up, I’ll be showing you how to set up your own Metasploitable lab for web application security and penetration testing. Downloading Metasploitable 2 First, go to Google and search for Metasploitable 2 and choose the one from sourceforge.net, or visit the link provided below: (https://sourceforge.net/projects/metasploitable/). Click on Download and wait for some seconds for the zip file to download automatically. Setting Up Extract the ZIP file using your preferred ZIP extractor. Open VirtualBox, click on New at the top, and enter the name of your machine; make sure the “Type” and “Version” are the same as the ones in the image below. Leave the “ISO Image” field empty and click on Next. Choose your preferred RAM and CPU size to allocate to the machine and click on Next; I will use the default size since Metasploitable doesn’t require much space or resources. Select “Use an Existing Virtual Hard Disk File” and click on the folder icon. Click on “Add”, locate where you extracted the zip file and select “Metasploitable.vmdk”. Click on Choose and finally Next. Now click on “Start” to boot the machine and wait for some seconds; the default username and password is msfadmin. Type ifconfig to check the machine’s IP address. Open your browser, paste the Metasploitable IP in the address bar and you should see the list of vulnerable servers being hosted on Metasploitable that you can get your hands dirty with. I will do write-ups on how to hack some of these servers. ...

April 10, 2025 · 2 min · Appiah Bismark