Burp Suite Academy – DOM XSS in document.write sink using source location.search inside a select element

This lab contains a DOM-based cross-site scripting vulnerability in the stock checker functionality. It uses the JavaScript document.write function, which writes data out to the page. The document.write function is called with data from location.search which you can control using the website URL. The data is enclosed within a select element. To solve this lab, perform a cross-site scripting attack that breaks out of the select element and calls the alert function. Select any element: https://0a060014049d514780bc08700015003f.web-security-academy.net/product?productId=1 This script gets the param

(Fix) – SSL routines::ca md too weak

This week, after downloading my HTB VPN package again, I had an issue trying to connect to the Hack The Box labs. After searching a bit I found this resource that gave me a fix. You just have to add tls-cert-profile insecure and modify cipher AES-128-CBC to data-ciphers-fallback AES-128-CBC. After that you get the usual 2023-04-30 11:37:34 Initialization Sequence Completed

How to search for specific text in linux using grep

If you’re working with Linux and need to find a particular piece of text in a file or directory, you can use the following grep command. This is a powerful text-searching tool that allows you to search for specific patterns or strings of text within a file or directory. grep -rnw '/path/where/to/find' -e 'text_to_search' -r: Tells grep to search recursively through all files in the specified directory and its subdirectories. -n:

Oh my Tmux! mapsheet

This weekend I installed Oh my Tmux! again on my laptop and I’ve created a small mind map to help me remember the bindings. Maybe it can help others, so I am sharing it here.

Burp Suite Lab Academy – Reflected XSS into a JavaScript string with angle brackets HTML encoded

This lab contains a reflected cross-site scripting vulnerability in the search query tracking functionality where angle brackets are encoded. The reflection occurs inside a JavaScript string. To solve this lab, perform a cross-site scripting attack that breaks out of the JavaScript string and calls the alert function. Access the lab URL. According to the description, the vulnerability is located in the search functionality: Checking the inspector we can see that the URL running

Getting Started with Virtual Environments in Python

Virtual environments are an essential tool for Python developers to manage dependencies and isolate projects. In this article, we will explore the basics of virtual environments and how to use them effectively. What are Virtual Environments? Virtual environments are isolated Python environments that allow you to install and manage dependencies for a particular project without affecting other projects or the system Python installation. Each virtual environment has its own Python

Burp Suite Lab Academy – Stored XSS into anchor `href` attribute with double quotes HTML-encoded

This lab contains a stored cross-site scripting vulnerability in the comment functionality. To solve this lab, submit a comment that calls the alert function when the comment author name is clicked. Access the lab: According to the description, the vulnerability is in the comment functionality. Now we can see our comment in the source: Intercepting the request: Checking Burp Suite XSS documentation and based on the source code obtained after adding a new comment,

offsec.tools

Offsec.tools is a community-driven website that provides an extensive collection of security tools organized by categories and tags, making it easy to find the right tool for your security testing needs. The website includes tools for various security testing activities such as cloud and services, CMS, information gathering, technologies, vulnerabilities, and miscellanea. The tags cover a broad range of topics such as AWS, Azure, Bitbucket, Censys, Cloudflare, Detectify, DigitalOcean, GitHub,

Pdtm by Project Discovery

Project Discovery is an open-source software company that builds tools for cybersecurity. They are behind nuclei, subfinder, httpx, katana and naabu. Recently they have published pdtm. Pdtm is a simple and easy-to-use golang based tool for managing open-source projects from ProjectDiscovery. Install: go1.19 is required to install pdtm successfully. $ go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest Usage: $ pdtm --help $ pdtm If needed, add your Go bin path to the config file located in:

HTB Funnel

$ nmap -v -sV -p- 10.129.74.179 --min-rate 5000 $ ftp 10.129.74.179 Users detected: According to the password policy found, the default password is funnel123#!# $ ssh christine@10.129.74.179 Which service is running on TCP port 5432 and listens only on localhost? christine@funnel:~$ ss -tulpn Port 5432 is usually used by PostgreSQL. As we don’t have access to the previously mentioned service from our local machine, we need to create a tunnel