-
Solving Caido labs using Zaproxy
Caido just released a labs page (https://labs.cai.do/), so I thought it would be a good idea to solve them using Zaproxy. This first batch of labs is meant to teach different vulnerabilities to people who are starting in cybersecurity, so they do not use the full potential of any of...
-
Basic checks to do when pentesting an Oracle Apex site
Introduction: Oracle Apex is a platform that allows you to create applications without any need for coding. When I work with a website that was created using it, I always start with the same checks, so I write this post to show those checks. For these examples we can use...
-
ZAP Scripting - Cheap Autorize
Introduction: The other day, while I was testing a web app, I thought that it would be nice to be able to automate some tests. Then I remembered that you can write scripts in ZAP. I took a quick look at it and it looked far easier than writing a...
-
Previse Writeup [HTB]
Previse is a Linux-based machine that was active from August 7th of 2021 to January 8th of 2022. On this machine we will see that we get a 302 redirect status when accessing certain pages, but we will get the pages anyway, so we will manipulate the response...
-
Intelligence Writeup [HTB]
Intelligence is a Windows-based machine that was active from July 3rd of 2021 to November 27th. On this machine we will download a lot of files by iterating over dates, and inside one of these files we will find a password. Examining the files, we will discover that there are usernames...