William Ma · willsec.hashnode.dev · Sep 6, 2024
HTB Notes: Funnel
FTP: We begin by scanning the box with nmap. We find two ports open on the machine: 21 (ftp) and 22 (ssh) We can access the ftp server using the anonymous user account. An interesting note is we could use either the anonymous or ftp user and we co...
46 reads · #HackTheBox

raja mani · synackwithraj.hashnode.dev · Aug 14, 2024
Learn like a Baby - Important Update to BAV2ROPC downgrade attacks for bypassing MFA - 4
History: BAV2ROPC stands for 'Basic Authentication Version 2 Resource Owner Password Credential' and is commonly used by old email apps such as iOS Mail. It is often seen in SaaS/email account compromises where accounts have 'legacy authentication' en...
69 reads · Cloud Attacks - Azure · MFA-Bypass

James Gallagher · jamesonhacking.hashnode.dev · Mar 15, 2023
Defeating Rate Limiting with Fireprox
I've been using fireprox to defeat rate limiting with great success. This tool sets up a pass-through-proxy in AWS API Gateway which is mapped to a specific target URL. It allows an attacker to rotate their egress IP address between hundreds of egres...
658 reads · hacking