5ubterranean@home:~$

  • Basic checks to do when pentesting an Oracle Apex site

    Introduction: Oracle Apex is a platform that allows you to create applications without any need for coding. When I work with a website that was created using it, I always start with the same checks, so I wrote this post to show those checks. For these examples we can use...

    Oracle    Apex
  • ZAP Scripting - Cheap Autorize

    Introduction: The other day, while I was testing a web app, I thought it would be nice to be able to automate some tests. Then I remembered that you can write scripts in ZAP; I gave it a quick look and it looked far easier than writing a...

  • Previse Writeup [HTB]

    Previse is a Linux-based machine that was active from August 7th of 2021 to January 8th of 2022. On this machine we will see that we get a 302 redirect status when accessing certain pages, but we will get the pages anyway, so we will manipulate the response...

  • Intelligence Writeup [HTB]

    Intelligence is a Windows-based machine that was active from July 3rd of 2021 to November 27th. On this machine we will download a lot of files by iterating over dates; inside one of these files we will find a password, and by examining the files we will discover that there are usernames...

  • BountyHunter Writeup [HTB]

    BountyHunter is a Linux-based machine that was active from July 24th to November 20th. On this machine we will find an XXE vulnerability and use it with a PHP wrapper to read internal files and get sensitive information; with the information obtained we will be able to connect to...

    HackTheBox    XXE    python