Easy box made by Jin NMAP ┌──(root kali)-[~/Desktop] └─# nmap -sS -A -sC -sV -p- -T410.10.11.143 Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-22 12:31 EST Nmap scan report for 10.10.11.143 Host is up (0.24s latency). Not shown: 65532 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh…

eLearnSecurity Certified Penetration Tester eXtreme Summary Hello Folks, some times ago i decided to take eLearnSecurity Certified Penetration Tester eXtreme (eCPTX) exam. Knowing I am going against something really difficult. Advanced Penetration Testing — Course The eCPTX exam is based on the Advanced Penetration Testing course under the INE flag. …

Hello Folks, i want to tell my story of this type of XSS. Payload: "><svg+svg+svg\/\/On+OnLoAd=confirm(1)> Why this payload work? …In my case, i was in front of an application that my payload was closed by Unicode Character. Example: "><svg/onload=alert(1)> This Payload was Blocked: “><sv\u01234\g\u01235/on\u01236load=confirm(1)> I This case i tryied to use…

First Step: In first, i found my subdomain using Amass tool. After i used ffuf tool for brute force the directories and i found an Improper access control: https://subdomain.xxx.com/phppgadmin There was a page with need to submit credentials, user and password. I tried some combination of user/password with googling, and thanks to…

Note: I will not mention the companies, for reasons of privacy and confidentiality. What is SQL Injection? A SQL Injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database…

Difficulty: Medium/Hard NMAP:

Difficulty: Medium NMAP:

Difficulty: Easy/Medium NMAP: