Pengalaman Ujian Sertifikasi CEH Practical
Pendahuluan
Posts by Year
2022
Online Railway Reservation System 1.0 - ‘id’ SQL Injection (Unauthenticated)
Information about vulnerability - Exploit Title: Online Railway Reservation System 1.0 - 'id' SQL Injection (Unauthenticated) - Date: 07/01/2022 - Exploit Au...
Online Veterinary Appointment System 1.0 - ‘Multiple’ SQL Injection
Information about vulnerability - Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection - Date: 05/01/20222 - Exploit Author: tw...
2021
Hospitals Patient Records Management System 1.0 - ‘id’ SQL Injection (Authenticated)
Information about vulnerability - Exploit Title: Hospital's Patient Records Management System v1.0 - 'id' SQL Injection (Authenticated) - Date: 2021-12-30 - ...
Hospitals Patient Records Management System 1.0 - Account TakeOver
Information about vulnerability - Exploit Title: Hospital's Patient Records Management System v1.0 - 'id' Insecure direct object references (IDOR) leads to A...
Spring Boot Log4j - CVE-2021-44228
Description The Log4Shell vulnerability (CVE-2021-44228) ultimately is a quite simple JNDI Injection flaw, but in a really really bad place. Log4J will perfo...
WordPress Advanced Ticket System < 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS)
Description The plugin does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform...
WP Ticket < 5.10.4 - Admin+ Stored Cross-Site Scripting
Description The plugin does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site...
WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code
Description The plugin does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfiltered...
Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS)
Description The plugin does not sanitise or escape Service Prices before outputting it in the List, which could allow high privilege users to perform Cross-S...
TryHackMe - 0day
This room was created by 0day, we can access on the tryhackme. 0day machine has a famous vulnerability called Shell Shock CVE-2014-6278 2014-6271, and from t...
HackTheBox Business CTF 2021 - Parkor (Fullpwn)
Parkor is a fullpwn (Windows OS) challenge from HackTheBox Business CTF 2021. The vulnerabilities on target are Cockpit CMS NoSQL injection in /auth/resetpas...
HackTheBox Business CTF 2021 - Time (Web)
Time is a web challenge from HackTheBox Business CTF 2021. This challenge is talking about how to access with using date format? and how to bypass the flag f...
HackTheBox Business CTF 2021 - Rocket (Fullpwn)
Rocket is a fullpwn type challenge from HackTheBox Business CTF 2021. The vulnerability on the machine is about Rocket.Chat 3.12.1 - NoSQL Injection to RCE (...
HackTheBox Business CTF 2021 - Manager (Fullpwn)
Manager is a fullpwn machine from HackTheBox Business CTF 2021. Our team has solved this machine in the first round. The vulnerability is ForgeRock Access Ma...
HackTheBox Business CTF 2021 - Level (Fullpwn)
Level is a fullpwn type challenge from HackTheBox Business CTF 2021. The vulnerabilities on target are Apache Flink Unauthenticated Arbitrary File Read,CVE-2...
HackTheBox Business CTF 2021 - Discordvm (Misc)
Discordvm is a misc challenge from HackTheBox Business CTF 2021. This challenge is talking about how to vm module breakout on nodejs.
COMNETS LAB UNSRI - Internet of Things dataset
COMNETS lab dataset is a collection of datasets from the Department of Computer Engineering. Faculty of Computer Science. Universitas Sriwijaya.
Vulnhub & Proving Ground - Solstice
This is a machine originally from vulnhub SUNSET: SOLSTICE https://www.vulnhub.com/entry/sunset-solstice,499/. It was created on 26 June 2020 by whitecr0wz. ...
2020
Cyberseclabs - Shares
Cyberseclabs is a CTF platform like HTB or THM, some of the machine includes are Linux, windows, active directory, and some challenge. If you wanna try cyber...
TryHackMe - Startup
The introduction from THM’s Startup room. “We are Spice Hut, a new startup company that just made it big! We offer a variety of spices and club sandwiches (i...
All Damn Vulnerable Resources to Improve Your Pentesting Skill
This post contains some of the vulnerability apps means to improve your penetration testing skills and hacking skills
Vulnhub & Proving Ground - InfosecPrep
InfosecPrep machine is the original from vulnhub, if you wanna improve your skill on penetration skill, this machine in easy category machine and suitable fo...
TryHackMe - Gaming Server
Gaming Server is an easy Boot2Root box for beginners. In this box/machine, we need know how about decrypting ssh private key and escalate the privilege via lxs
TryHackMe - Kiba
Kiba box from the TryHackMe description is talking about Identify the critical security flaw in the data visualization dashboard, that allows execute remote ...
TryHackMe - Easy Steganography
An easy steganography challenge. No hint, just solve it. This is a free room, which means anyone can deploy virtual machines in the room (without being subsc...
TryHackMe - Simple CTF
Beginner level CTF
TryHackMe - Ignite
A new start-up has a few issues with their web server.
TryHackMe -Vulversity
Learn about active recon, web app attacks and privilege escalation.
TryHackMe - Blue
Blue is a windows machine. The famous of the vulnerability issue in the machine is Eternal Blue.
HTB OSINT Challenge - Easy Phish
Easy Phish - OSINT challenge
HTB Web Challenge - Fuzzy
Fuzzy - Web challenge
TryHackMe - OhSINT
Are you able to use open-source intelligence to solve this challenge?
TryHackMe - Nmap
RP: Nmap
2018
How to use Virus Total API for check PE file
Details: PE file : putty.exe
Phising website analysis with Machine Learning
Data Set Information: One of the challenges faced by our research was the unavailability of reliable training datasets. In fact this challenge faces any rese...