chojnowski.it
Index
    • Home
    • AI
    • VM
      • Index
      • Archive
        • CRTA_done
        • HTB_Academy_done
        • HTB_Access_done
        • HTB_Active_done
        • HTB_Administrator_done
        • HTB_Aero_done
        • HTB_Arctic_done
        • HTB_Atom_done
        • HTB_Backdoor_done
        • HTB_Blackfield_done
        • HTB_Blunder_done
        • HTB_BoardLight_done
        • HTB_Broker_done
        • HTB_Buff_done
        • HTB_Busqueda_done
        • HTB_Cap_done
        • HTB_Cascade_done
        • HTB_Cicada_done
        • HTB_Codify_done
        • HTB_CozyHosting_done
        • HTB_Doctor_done
        • HTB_Editorial_done
        • HTB_Escape_done
        • HTB_Forest_done
        • HTB_Headless_done
        • HTB_Help_done
        • HTB_Intelligence_done
        • HTB_Jeeves_done
        • HTB_Jerry_done
        • HTB_Keeper_done
        • HTB_Knife_done
        • HTB_Laboratory_done
        • HTB_Lame_done
        • HTB_Love_done
        • HTB_Magic_done
        • HTB_Mailing_done
        • HTB_Manager_done
        • HTB_Monteverde_done
        • HTB_Netmon_done
        • HTB_Networked_done
        • HTB_Nibbles_done
        • HTB_OpenAdmin_done
        • HTB_Pandora_done
        • HTB_Photobomb_done
        • HTB_Pilgrimage_done
        • HTB_Precious_done
        • HTB_Return_done
        • HTB_Sau_done
        • HTB_Sauna_done
        • HTB_ScriptKiddie_done
        • HTB_Sea_done
        • HTB_Shoppy_done
          • HTB_Soccer_done
          • HTB_StreamIO_done
          • HTB_Support_done
          • HTB_Timelapse_done
          • HTB_Validation_done
          • AWS Cloud Red Teaming_done
          • Azure Cloud Red Teaming
        • PG Play Amaterasu done
        • PG Play Assertion101 done
        • PG Play BBSCute done
        • PG Play BTRSys2.1 done
        • PG Play Blogger done
        • PG Play CyberSploit1 done
        • PG Play DC 1 done
        • PG Play DC 9 done
        • PG Play Dawn done
        • PG Play Djinn3 done
        • PG Play DriftingBlue6 done
        • PG Play Election1 done
        • PG Play Empire breakout done
        • PG Play EvilBox One done
        • PG Play FunboxEasyEnum done
        • PG Play FunboxEasy done
        • PG Play FunboxRookie done
        • PG Play Funbox done
        • PG Play Gaara done
        • PG Play GlasgowSmile done
        • PG Play Ha natraj done
        • PG Play ICMP done
        • PG Play Inclusiveness done
        • PG Play InfosecPrep done
        • PG Play InsanityHosting done
        • PG Play Katana done
        • PG Play Lampiao done
        • PG Play Loly done
        • PG Play Moneybox done
        • PG Play Monitoring done
        • PG Play My CMSMS done
        • PG Play NoName done
        • PG Play OnSystemShellDredd done
        • PG Play Photographer done
        • PG Play Potato done
        • PG Play Pwned1 done
        • PG Play PyExp done
        • PG Play Sar done
        • PG Play Seppuku done
        • PG Play Shakabrah done
        • PG Play SoSimple done
        • PG Play Solstice done
        • PG Play Stapler done
        • PG Play Sumo done
        • PG Play SunsetDecoy done
        • PG Play SunsetMidnight done
        • PG Play SunsetNoontide done
        • PG Play Tre done
        • PG Play Vegeta1 done
        • PG Practice Algernon done
        • PG Practice Apex done
        • PG Practice Assignment done
        • PG Practice Astronaut done
        • PG Practice Billyboss done
        • PG Practice BlackGate done
        • PG Practice Boolean done
        • PG Practice BossPlayersCTF done
        • PG Practice Bratarina done
        • PG Practice BrokenGallery done
        • PG Practice CTF 200 01 done
        • PG Practice CTF 200 04 done
        • PG Practice CTF 200 05 done
        • PG Practice CTF 200 06 done
        • PG Practice CTF 200 07 done
        • PG Practice CTF 200 08 done
        • PG Practice Cassios done
        • PG Practice Catto done
        • PG Practice Chatty done
        • PG Practice ClamAV done
        • PG Practice Clue done
        • PG Practice Cockpit done
        • PG Practice Codo done
        • PG Practice Covfefe done
        • PG Practice Craft2 done
        • PG Practice Crane done
        • PG Practice DC5 done
        • PG Practice DVR4 done
        • PG Practice Deception done
        • PG Practice DepthB2R done
        • PG Practice Dibble done
        • PG Practice ERP done
        • PG Practice Exfiltrated done
        • PG Practice Exghost done
        • PG Practice Extplorer done
        • PG Practice Fail done
        • PG Practice Fanatastic done
        • PG Practice Flasky done
        • PG Practice Flimsy done
        • PG Practice Fowsniff done
        • PG Practice Fractal done
        • PG Practice GLPI done
        • PG Practice Geisha done
        • PG Practice GitRoot done
        • PG Practice HAWordy done
        • PG Practice Heist done
        • PG Practice Helpdesk done
        • PG Practice Hetemit done
        • PG Practice Hub done
        • PG Practice Hunit done
        • PG Practice Hutch done
        • PG Practice Image done
        • PG Practice Internal done
        • PG Practice JISCTF done
        • PG Practice Jacko done
        • PG Practice LazySysAdmin done
        • PG Practice Levram done
        • PG Practice Lunar done
        • PG Practice Maria done
        • PG Practice Markers done
        • PG Practice Marketing done
        • PG Practice Matrimony done
        • PG Practice Medjed done
        • PG Practice Nagoya done
        • PG Practice Nappa done
        • PG Practice Nibbles done
        • PG Practice Nickel done
        • PG Practice Nukem done
        • PG Practice Payday done
        • PG Practice Pebbles done
        • PG Practice Pelican done
        • PG Practice Peppo done
        • PG Practice PlanetExpress done
        • PG Practice Plum done
        • PG Practice Postfish done
        • PG Practice Press done
        • PG Practice ProStore done
        • PG Practice PwnLab done
        • PG Practice PyLoader done
        • PG Practice Quackerjack done
        • PG Practice Readys done
        • PG Practice Resourced done
        • PG Practice Roquefort done
        • PG Practice RubyDome done
        • PG Practice Scarecrow1.1 done
        • PG Practice Shenzi done
        • PG Practice Shiftdel done
        • PG Practice Sirol done
        • PG Practice Slort done
        • PG Practice Snookums done
        • PG Practice Sona done
        • PG Practice Sorcerer done
        • PG Practice Spaghetti done
        • PG Practice Splodge done
        • PG Practice Squid done
        • PG Practice SunsetTwilight done
        • PG Practice Surf done
        • PG Practice Sybaris done
        • PG Practice Symbolic done
        • PG Practice Ted done
        • PG Practice Thor done
        • PG Practice Tico done
        • PG Practice Twiggy done
        • PG Practice UC404 done
        • PG Practice Vanity done
        • PG Practice Vault done
        • PG Practice Vector done
        • PG Practice VoIP done
        • PG Practice Wheels done
        • PG Practice Wombo done
        • PG Practice XposedAPI done
        • PG Practice Y0usef done
        • PG Practice ZenPhoto done
        • PG Practice Zino done
        • PG Practice Zipper done
        • PG Practice bullyBox done
        • PG Practice law done
        • PG Practice pc done
        • Port_Swigger_2FA broken logic
        • Port_Swigger_2FA simple bypass
        • Port_Swigger_Accessing private GraphQL posts
        • Port_Swigger_Accidental exposure of private GraphQL fields
        • Port_Swigger_Arbitrary object injection in PHP
        • Port_Swigger_Authentication bypass via OAuth implicit flow
        • Port_Swigger_Authentication bypass via information disclosure
        • Port_Swigger_Basic SSRF against another back-end system
        • Port_Swigger_Basic SSRF against the local server
        • Port_Swigger_Basic clickjacking with CSRF token protection
        • Port_Swigger_Basic password reset poisoning
        • Port_Swigger_Basic server-side template injection (code context)
        • Port_Swigger_Basic server-side template injection
        • Port_Swigger_Blind OS command injection with out-of-band data exfiltration
        • Port_Swigger_Blind OS command injection with out-of-band interaction
        • Port_Swigger_Blind OS command injection with output redirection
        • Port_Swigger_Blind OS command injection with time delays
        • Port_Swigger_Blind SQL injection with conditional errors
        • Port_Swigger_Blind SQL injection with conditional responses
        • Port_Swigger_Blind SQL injection with out-of-band data exfiltration
        • Port_Swigger_Blind SQL injection with out-of-band interaction
        • Port_Swigger_Blind SQL injection with time delays and information retrieval
        • Port_Swigger_Blind SQL injection with time delays
        • Port_Swigger_Blind SSRF with out-of-band detection
        • Port_Swigger_Blind XXE with out-of-band interaction via XML parameter entities
        • Port_Swigger_Blind XXE with out-of-band interaction
        • Port_Swigger_Broken brute-force protection, IP block
        • Port_Swigger_Brute-forcing a stay-logged-in cookie
        • Port_Swigger_CSRF vulnerability with no defenses
        • Port_Swigger_CSRF where token is not tied to user session
        • Port_Swigger_CSRF where token validation depends on token being present
        • Port_Swigger_CSRF where token validation depends on request method
        • Port_Swigger_Clickjacking with form input data prefilled from a URL parameter
        • Port_Swigger_DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded
        • Port_Swigger_DOM XSS in document.write sink using source location.search inside a select element
        • Port_Swigger_DOM XSS in document.write sink using source location.search
        • Port_Swigger_DOM XSS in innerHTML sink using source
        • Port_Swigger_DOM XSS in jQuery anchor href attribute sink using location.search source
        • Port_Swigger_DOM XSS in jQuery selector sink using a hashchange event
        • Port_Swigger_Detecting NoSQL injection
        • Port_Swigger_Excessive trust in client-side controls
        • Port_Swigger_Exploiting Java deserialization with Apache Commons
        • Port_Swigger_Exploiting NoSQL injection to extract data
        • Port_Swigger_Exploiting NoSQL operator injection to bypass authentication
        • Port_Swigger_Exploiting XInclude to retrieve files
        • Port_Swigger_Exploiting XXE to perform SSRF attacks
        • Port_Swigger_Exploiting XXE using external entities to retrieve files
        • Port_Swigger_Exploiting XXE via image file upload
        • Port_Swigger_Exploiting a mass assignment vulnerability
        • Port_Swigger_Exploiting an API endpoint using documentation
        • Port_Swigger_Exploiting blind XXE to exfiltrate data using a malicious external DTD
        • Port_Swigger_Exploiting blind XXE to retrieve data via error messages
        • Port_Swigger_Exploiting server-side parameter pollution in a query string
        • Port_Swigger_File path traversal, simple case
        • Port_Swigger_File path traversal, traversal sequences blocked with absolute path bypass
        • Port_Swigger_File path traversal, traversal sequences stripped with superfluous URL-decode
        • Port_Swigger_File path traversal, traversal sequences stripped non-recursively
        • Port_Swigger_File path traversal, validation of file extension with null byte bypass
        • Port_Swigger_File path traversal, validation of start of path
        • Port_Swigger_Finding and exploiting an unused API endpoint
        • Port_Swigger_Flawed enforcement of business rules
        • Port_Swigger_Forced OAuth profile linking
        • Port_Swigger_High-level logic vulnerability
        • Port_Swigger_Inconsistent security controls
        • Port_Swigger_Information disclosure in error messages
        • Port_Swigger_Information disclosure in version control history
        • Port_Swigger_Information disclosure on debug page
        • Port_Swigger_Insecure direct object references
        • Port_Swigger_JWT authentication bypass via flawed signature verification
        • Port_Swigger_JWT authentication bypass via unverified signature
        • Port_Swigger_Manipulating WebSocket messages to exploit vulnerabilities
        • Port_Swigger_Modifying serialized data types
        • Port_Swigger_Modifying serialized objects
        • Port_Swigger_OAuth account hijacking via redirect_uri
        • Port_Swigger_OS command injection, simple case
        • Port_Swigger_Offline password cracking
        • Port_Swigger_Password brute-force via password change
        • Port_Swigger_Password reset broken logic
        • Port_Swigger_Password reset poisoning via middleware
        • Port_Swigger_Reflected DOM XSS
        • Port_Swigger_Reflected XSS in canonical link tag
        • Port_Swigger_Reflected XSS into HTML context with most tags and attributes blocked
        • Port_Swigger_Reflected XSS into HTML context with all tags blocked except custom ones
        • Port_Swigger_Reflected XSS into HTML context with nothing encoded
        • Port_Swigger_Reflected XSS into a JavaScript string with angle brackets HTML encoded
        • Port_Swigger_Reflected XSS into attribute with angle brackets HTML-encoded
        • Port_Swigger_Reflected XSS with some SVG markup allowed
        • Port_Swigger_Remote code execution via polyglot web shell upload
        • Port_Swigger_Remote code execution via web shell upload
        • Port_Swigger_SQL injection UNION attack, determining the number of columns returned by the query
        • Port_Swigger_SQL injection UNION attack, finding a column containing text
        • Port_Swigger_SQL injection UNION attack, retrieving data from other tables
        • Port_Swigger_SQL injection UNION attack, retrieving multiple values in a single column
        • Port_Swigger_SQL injection attack, listing the database contents on Oracle
        • Port_Swigger_SQL injection attack, listing the database contents on non-Oracle databases
        • Port_Swigger_SQL injection attack, querying the database type and version on MySQL and Microsoft
        • Port_Swigger_SQL injection attack, querying the database type and version on Oracle
        • Port_Swigger_SQL injection vulnerability allowing login bypass
        • Port_Swigger_SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
        • Port_Swigger_SQL injection with filter bypass via XML encoding
        • Port_Swigger_SSRF with blacklist-based input filter
        • Port_Swigger_SSRF with filter bypass via open redirection vulnerability
        • Port_Swigger_Source code disclosure via backup files
        • Port_Swigger_Stored DOM XSS
        • Port_Swigger_Stored XSS into HTML context with nothing encoded
        • Port_Swigger_Stored XSS into anchor href attribute with double quotes HTML-encoded
        • Port_Swigger_URL-based access control can be circumvented
        • Port_Swigger_Unprotected admin functionality with unpredictable URL
        • Port_Swigger_Unprotected admin functionality
        • Port_Swigger_User ID controlled by request parameter
        • Port_Swigger_User role can be modified in user profile
        • Port_Swigger_User role controlled by request parameter
        • Port_Swigger_Username enumeration via account lock
        • Port_Swigger_Username enumeration via different responses
        • Port_Swigger_Username enumeration via response timing
        • Port_Swigger_Username enumeration via subtly different responses
        • Port_Swigger_Using application functionality to exploit insecure deserialization
        • Port_Swigger_Visible error-based SQL injection
        • Port_Swigger_Web shell upload via Content-Type restriction bypass
        • Port_Swigger_Web shell upload via extension blacklist bypass
        • Port_Swigger_Web shell upload via obfuscated file extension
        • Port_Swigger_Web shell upload via path traversal
          • THM_Attacking_Kerberos_done
          • THM_Attacktive_Directory_done
          • THM_Easy_VulnNet_Roasted_done
          • THM_Enumerating_Active_Directory_done
          • THM_Lo-Fi_done
          • THM_Neighbour_done