Posts by Category

TryHackMe - 0day

August 1, 2021 8 minute read

This room was created by 0day, we can access on the tryhackme. 0day machine has a famous vulnerability called Shell Shock CVE-2014-6278 2014-6271, and from t...

TryHackMe - Startup

December 6, 2020 3 minute read

The introduction from THM’s Startup room. “We are Spice Hut, a new startup company that just made it big! We offer a variety of spices and club sandwiches (i...

TryHackMe - Gaming Server

September 2, 2020 1 minute read

Gaming Server is an easy Boot2Root box for beginners. In this box/machine, we need know how about decrypting ssh private key and escalate the privilege via lxs

TryHackMe - Kiba

August 29, 2020 3 minute read

Kiba box from the TryHackMe description is talking about Identify the critical security flaw in the data visualization dashboard, that allows execute remote ...

TryHackMe - Brooklyn Nine Nine

August 27, 2020 1 minute read

TryHackMe - Bolt

August 27, 2020 2 minute read

TryHackMe - Source

July 8, 2020 6 minute read

TryHackMe - Easy Steganography

July 3, 2020 2 minute read

An easy steganography challenge. No hint, just solve it. This is a free room, which means anyone can deploy virtual machines in the room (without being subsc...

TryHackMe - Simple CTF

June 14, 2020 5 minute read

Beginner level CTF

TryHackMe - Ignite

June 14, 2020 7 minute read

A new start-up has a few issues with their web server.

TryHackMe -Vulversity

June 2, 2020 6 minute read

Learn about active recon, web app attacks and privilege escalation.

TryHackMe - Blue

May 22, 2020 15 minute read

Blue is a windows machine. The famous of the vulnerability issue in the machine is Eternal Blue.

TryHackMe - OhSINT

April 10, 2020 2 minute read

Are you able to use open-source intelligence to solve this challenge?

TryHackMe - Nmap

April 2, 2020 13 minute read

RP: Nmap

HackTheBox Machine - Knife

August 30, 2021 9 minute read

HackTheBox Machine - Magic

August 27, 2020 8 minute read

HackTheBox Machine - Servmon

June 19, 2020 16 minute read

HackTheBox Machine - Blunder

June 1, 2020 13 minute read

HackTheBox Machine - Traverxec

April 12, 2020 10 minute read

HackTheBox Machine - OpenAdmin

March 5, 2020 3 minute read

HackTheBox Business CTF 2021 - Parkor (Fullpwn)

July 27, 2021 6 minute read

Parkor is a fullpwn (Windows OS) challenge from HackTheBox Business CTF 2021. The vulnerabilities on target are Cockpit CMS NoSQL injection in /auth/resetpas...

HackTheBox Business CTF 2021 - Time (Web)

July 26, 2021 1 minute read

Time is a web challenge from HackTheBox Business CTF 2021. This challenge is talking about how to access with using date format? and how to bypass the flag f...

HackTheBox Business CTF 2021 - Rocket (Fullpwn)

July 26, 2021 10 minute read

Rocket is a fullpwn type challenge from HackTheBox Business CTF 2021. The vulnerability on the machine is about Rocket.Chat 3.12.1 - NoSQL Injection to RCE (...

HackTheBox Business CTF 2021 - Manager (Fullpwn)

July 26, 2021 5 minute read

Manager is a fullpwn machine from HackTheBox Business CTF 2021. Our team has solved this machine in the first round. The vulnerability is ForgeRock Access Ma...

HackTheBox Business CTF 2021 - Level (Fullpwn)

July 26, 2021 14 minute read

Level is a fullpwn type challenge from HackTheBox Business CTF 2021. The vulnerabilities on target are Apache Flink Unauthenticated Arbitrary File Read,CVE-2...

HackTheBox Business CTF 2021 - Discordvm (Misc)

July 26, 2021 less than 1 minute read

Discordvm is a misc challenge from HackTheBox Business CTF 2021. This challenge is talking about how to vm module breakout on nodejs.

HackTheBox Business CTF 2021 - Parkor (Fullpwn)

July 27, 2021 6 minute read

Parkor is a fullpwn (Windows OS) challenge from HackTheBox Business CTF 2021. The vulnerabilities on target are Cockpit CMS NoSQL injection in /auth/resetpas...

HackTheBox Business CTF 2021 - Time (Web)

July 26, 2021 1 minute read

Time is a web challenge from HackTheBox Business CTF 2021. This challenge is talking about how to access with using date format? and how to bypass the flag f...

HackTheBox Business CTF 2021 - Rocket (Fullpwn)

July 26, 2021 10 minute read

Rocket is a fullpwn type challenge from HackTheBox Business CTF 2021. The vulnerability on the machine is about Rocket.Chat 3.12.1 - NoSQL Injection to RCE (...

HackTheBox Business CTF 2021 - Manager (Fullpwn)

July 26, 2021 5 minute read

Manager is a fullpwn machine from HackTheBox Business CTF 2021. Our team has solved this machine in the first round. The vulnerability is ForgeRock Access Ma...

HackTheBox Business CTF 2021 - Level (Fullpwn)

July 26, 2021 14 minute read

Level is a fullpwn type challenge from HackTheBox Business CTF 2021. The vulnerabilities on target are Apache Flink Unauthenticated Arbitrary File Read,CVE-2...

HackTheBox Business CTF 2021 - Discordvm (Misc)

July 26, 2021 less than 1 minute read

Discordvm is a misc challenge from HackTheBox Business CTF 2021. This challenge is talking about how to vm module breakout on nodejs.

HackTheBox Business CTF 2021 - Parkor (Fullpwn)

July 27, 2021 6 minute read

Parkor is a fullpwn (Windows OS) challenge from HackTheBox Business CTF 2021. The vulnerabilities on target are Cockpit CMS NoSQL injection in /auth/resetpas...

HackTheBox Business CTF 2021 - Time (Web)

July 26, 2021 1 minute read

Time is a web challenge from HackTheBox Business CTF 2021. This challenge is talking about how to access with using date format? and how to bypass the flag f...

HackTheBox Business CTF 2021 - Rocket (Fullpwn)

July 26, 2021 10 minute read

Rocket is a fullpwn type challenge from HackTheBox Business CTF 2021. The vulnerability on the machine is about Rocket.Chat 3.12.1 - NoSQL Injection to RCE (...

HackTheBox Business CTF 2021 - Manager (Fullpwn)

July 26, 2021 5 minute read

Manager is a fullpwn machine from HackTheBox Business CTF 2021. Our team has solved this machine in the first round. The vulnerability is ForgeRock Access Ma...

HackTheBox Business CTF 2021 - Level (Fullpwn)

July 26, 2021 14 minute read

Level is a fullpwn type challenge from HackTheBox Business CTF 2021. The vulnerabilities on target are Apache Flink Unauthenticated Arbitrary File Read,CVE-2...

HackTheBox Business CTF 2021 - Discordvm (Misc)

July 26, 2021 less than 1 minute read

Discordvm is a misc challenge from HackTheBox Business CTF 2021. This challenge is talking about how to vm module breakout on nodejs.

Spring Boot Log4j - CVE-2021-44228

December 13, 2021 less than 1 minute read

Description The Log4Shell vulnerability (CVE-2021-44228) ultimately is a quite simple JNDI Injection flaw, but in a really really bad place. Log4J will perfo...

WordPress Advanced Ticket System < 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS)

October 1, 2021 less than 1 minute read

Description The plugin does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform...

WP Ticket < 5.10.4 - Admin+ Stored Cross-Site Scripting

October 1, 2021 less than 1 minute read

Description The plugin does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site...

WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code

October 1, 2021 less than 1 minute read

Description The plugin does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfiltered...

Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS)

October 1, 2021 less than 1 minute read

Description The plugin does not sanitise or escape Service Prices before outputting it in the List, which could allow high privilege users to perform Cross-S...

Online Railway Reservation System 1.0 - ‘id’ SQL Injection (Unauthenticated)

January 7, 2022 less than 1 minute read

Information about vulnerability - Exploit Title: Online Railway Reservation System 1.0 - 'id' SQL Injection (Unauthenticated) - Date: 07/01/2022 - Exploit Au...

Online Veterinary Appointment System 1.0 - ‘Multiple’ SQL Injection

January 5, 2022 less than 1 minute read

Information about vulnerability - Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection - Date: 05/01/20222 - Exploit Author: tw...

Hospitals Patient Records Management System 1.0 - ‘id’ SQL Injection (Authenticated)

December 30, 2021 less than 1 minute read

Information about vulnerability - Exploit Title: Hospital's Patient Records Management System v1.0 - 'id' SQL Injection (Authenticated) - Date: 2021-12-30 - ...

Hospitals Patient Records Management System 1.0 - Account TakeOver

December 30, 2021 1 minute read

Information about vulnerability - Exploit Title: Hospital's Patient Records Management System v1.0 - 'id' Insecure direct object references (IDOR) leads to A...

Pengalaman Ujian Sertifikasi CEH Practical

January 16, 2022 3 minute read

Pendahuluan

Pengalaman Ujian Sertifikasi OSCP

August 27, 2021 6 minute read

All Damn Vulnerable Resources to Improve Your Pentesting Skill

October 18, 2020 1 minute read

This post contains some of the vulnerability apps means to improve your penetration testing skills and hacking skills

COMNETS LAB UNSRI - Internet of Things dataset

February 21, 2021 7 minute read

COMNETS lab dataset is a collection of datasets from the Department of Computer Engineering. Faculty of Computer Science. Universitas Sriwijaya.

Phising website analysis with Machine Learning

September 21, 2018 less than 1 minute read

Data Set Information: One of the challenges faced by our research was the unavailability of reliable training datasets. In fact this challenge faces any rese...

How to use Virus Total API for check PE file

September 22, 2018 3 minute read

Details: PE file : putty.exe

Phising website analysis with Machine Learning

September 21, 2018 less than 1 minute read

Data Set Information: One of the challenges faced by our research was the unavailability of reliable training datasets. In fact this challenge faces any rese...

HTB OSINT Challenge - Easy Phish

April 21, 2020 1 minute read

Easy Phish - OSINT challenge

HTB Web Challenge - Fuzzy

April 12, 2020 3 minute read

Fuzzy - Web challenge

Vulnhub & Proving Ground - Solstice

January 16, 2021 2 minute read

This is a machine originally from vulnhub SUNSET: SOLSTICE https://www.vulnhub.com/entry/sunset-solstice,499/. It was created on 26 June 2020 by whitecr0wz. ...

Vulnhub & Proving Ground - InfosecPrep

September 15, 2020 2 minute read

InfosecPrep machine is the original from vulnhub, if you wanna improve your skill on penetration skill, this machine in easy category machine and suitable fo...

Vulnhub & Proving Ground - Solstice

January 16, 2021 2 minute read

This is a machine originally from vulnhub SUNSET: SOLSTICE https://www.vulnhub.com/entry/sunset-solstice,499/. It was created on 26 June 2020 by whitecr0wz. ...

Vulnhub & Proving Ground - InfosecPrep

September 15, 2020 2 minute read

InfosecPrep machine is the original from vulnhub, if you wanna improve your skill on penetration skill, this machine in easy category machine and suitable fo...

How to use Virus Total API for check PE file

September 22, 2018 3 minute read

Details: PE file : putty.exe

All Damn Vulnerable Resources to Improve Your Pentesting Skill

October 18, 2020 1 minute read

This post contains some of the vulnerability apps means to improve your penetration testing skills and hacking skills

Cyberseclabs - Shares

December 28, 2020 3 minute read

Cyberseclabs is a CTF platform like HTB or THM, some of the machine includes are Linux, windows, active directory, and some challenge. If you wanna try cyber...

COMNETS LAB UNSRI - Internet of Things dataset

February 21, 2021 7 minute read

COMNETS lab dataset is a collection of datasets from the Department of Computer Engineering. Faculty of Computer Science. Universitas Sriwijaya.

Pengalaman Ujian Sertifikasi OSCP

August 27, 2021 6 minute read

Pengalaman Ujian Sertifikasi CEH Practical

January 16, 2022 3 minute read

Pendahuluan