@skelter
learn
Nothing here yet.
Nothing here yet.
Nov 22, 2021 · 1 min read · I came up with this solution, and after capturing the flag, i noticed that all the other writeups made use of the DNS rebinding technique. Checking the code, you'll see that the "/flag" endpoint is only accessible from a local machine. You can either...
Join discussion
Nov 21, 2021 · 1 min read · This is a simple one. The login is based on LDAP user authentication. You can login using: Username:* Password:* After this, you can search the phonebook, and a few usernames will pop. We can try to extract passwords from users, and we start by the...
Join discussionNov 20, 2021 · 4 min read · Afaik, this is the first publicly available writeup on this challenge. abusehumandb is a fun one on HackTheBox, but i wouldn’t rate it as “easy”, compared to other easy ones there. . . If you have any questions, leave a comment, but for now, i’d reco...
OCOtis commented