-
ZAP Scripting - Cheap Autorize
Introduction: The other day, while I was testing a web app, I thought that it would be nice to be able to automate some tests. Then I remembered that you can write scripts in ZAP. I took a quick look at it and it looked far easier than writing a...
-
Previse Writeup [HTB]
Previse is a Linux-based machine that was active from August 7th, 2021 to January 8th, 2022. On this machine we will see that we get a 302 redirect status when accessing certain pages, but we will get the pages anyway, so we will manipulate the response...
-
Intelligence Writeup [HTB]
Intelligence is a Windows-based machine that was active from July 3rd, 2021 to November 27th. On this machine we will download a lot of files by iterating over dates, and inside one of these files we will find a password. Examining the files, we will discover that there are usernames...
-
BountyHunter Writeup [HTB]
BountyHunter is a Linux-based machine that was active from July 24th to November 20th. On this machine we will find an XXE vulnerability and use it with a PHP wrapper to read internal files and get sensitive information. With the information obtained we will be able to connect to...
-
Seal Writeup [HTB]
Seal is a Linux-based machine that was active from July 10th, 2021 to November 13th. On this machine we will access a GitBucket instance which contains the configuration files of the webpage running on the machine, and we will retrieve information about pages blocked by Nginx through ssl...