The Marketplace – writeup tryhackme

The Marketplace writeup tryhackme jwt token found Cookie: token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOjQsInVzZXJuYW1lIjoibW9hIiwiYWRtaW4iOmZhbHNlLCJpYXQiOjE2MDMxODQzNzB9.cHhTfERXZoGvHZu5wEFEqRN5paZc6FZIH8AUPVFcHsY decoded its: {“alg”:”HS256″,”typ”:”JWT”}{“userId”:1,”username”:”michael’ or 1=1″,”admin”:true,”iat”:1603184370} eyJ1c2VySWQiOjQsInVzZXJuYW1lIjoibW9hIiwiYWRtaW4iOnRydWUsImlhdCI6MTYwMzE4NDM3MH0= Cookie: token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOjEsInVzZXJuYW1lIjoibWljaGFlbCcgb3IgMT0xIiwiYWRtaW4iOnRydWUsImlhdCI6MTYwMzE4NDM3MH0K.cHhTfERXZoGvHZu5wEFEqRN5paZc6FZIH8AUPVFcHsY ok since i found an reflected xss and there was an ability to report stuff to admins which are automatically responded to by an admin account, we can steal their cookies. i’m running a cookie stealer and injected … Read moreThe Marketplace – writeup tryhackme

Finally Brainfuck, a THM writeup of BlobBlog

Well it was anno 1998 when an older friend showed me the brainfuck programing language and what I took from this evening was, that such creepy codes are what’s needed for getting into hacking. That made me stay away from really digging into hacking until 20 years later. +[—>++<]>+.+++[->++++<]>.—.+++++++++.-[->+++++<]>-.++++[->++<]>+.-[->++++<]>.–[->++++<]>-.-[->+++<]>-.–[—>+<]>–.+[—->+<]>+++.[->+++<]>+.-[->+++<]>.-[—>++<]>+.–.—–.[->+++<]>.————.+[—–>+<]>.–[—>+<]>.-[—->+<]>++.++[->+++<]>.++++++++++++.———.—-.+++++++++.———-.–[—>+<]>—.+[—->+<]>+++.[->+++<]>+.+++++++++++++.———-.-[—>+<]>-.++++[->++<]>+.-[->++++<]>.–[->++++<]>-.——–.++++++.———.——–.-[—>+<]>-.[->+++<]>+.+++++++++++.+++++++++++.-[->+++<]>-.+[—>+<]>+++.——.+[—->+<]>+++.-[—>++<]>+.+++.+.————.++++++++.-[++>—<]>+.+++++[->+++<]>.-.-[->+++++<]>-.++[–>+++<]>.[—>++<]>–.+++++[->+++<]>.———.[—>+<]>–.+++++[->+++<]>.++++++.—.[–>+++++<]>+++.+[—–>+<]>+.———.++++.–.+.——.+++++++++++++.+++.+.+[—->+<]>+++.+[->+++<]>+.+++++++++++..+++.+.+[++>—<]>.++[—>++<]>..[->++<]>+.[—>+<]>+.+++++++++++.-[->+++<]>-.+[—>+<]>+++.——.+[—->+<]>+++.-[—>++<]>–.+++++++.++++++.–.++++[->+++<]>.[—>+<]>—-.+[—->+<]>+++.[–>+++<]>+.—–.————.—[->++++<]>.————.—.+++++++++.-[->+++++<]>-.++[–>+++<]>.——-.————.—[->++++<]>.————.—.+++++++++.-[->+++++<]>-.—–[->++<]>-.–[—>++<]>-. It seems my trauma comes true, … Read moreFinally Brainfuck, a THM writeup of BlobBlog

Automate the boring stuff with bash

I really start to love bash. And dislike python. I’m not good at both, but i like to automate boring, repeative tasks. Being a pentester and network admin using linux (of course) i’m working a lot in the shell, editing connfig files, checking network devices and such things. I encounter a lot of problems which … Read moreAutomate the boring stuff with bash

Ransomeware in 1992

The german “Die Drei Fragezeichen” (The three ???, a fictional detective trio from german audio drama for kids, which is popular among adults nowadays) investigated in a floppy disc driven malware attack in the episode 056/Angriff der Computer-Viren (Attack of the computer viruses). Funnily the whole threat model reminds heavily of todays ransomewares. The three … Read moreRansomeware in 1992

Learning SSRF with Portswigger Labs

Basic SSRF against the local Server https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost When accessing a product page an check stock link checks the stock through an API on some URL. We just need to change the url to localhost/admin where we can see user delete links and here we go with the request to delete that carlos: POST /product/stock HTTP/1.1 … Read moreLearning SSRF with Portswigger Labs