It is an injection attack where malicious JavaScript gets injected into a web application with the intention of being executed by other users. Types of XSS Reflected XSS Stored XSS DOM based XSS Blind XSS Reflected XSS Reflected XSS happens when user-supplied data in an HTTP request is included in the webpage source without anyContinue reading “Cross-site Scripting”
Tag Archives: TryHackMe
Understanding Log4j
What is Log4j? Log4j is a java package mostly a part of the Apache Logging utility used to capture logs. Everything you do on the internet becomes an event that gets captured in a form of a log. Even your inputs also get captured in logs. Your application is vulnerable if it logs a user’sContinue reading “Understanding Log4j”
Tryhackme – Kenobi
Scan the machine with nmap, how many ports are open? Answer: 7 Enumerating Samba for shares nmap -p 445 –script=smb-enum-shares.nse,smb-enum-users.nse 10.10.203.136 Using the nmap command above, how many shares have been found? Answer: 3 On most distributions of Linux smbclient is already installed. Lets inspect one of the shares. smbclient //<ip>/anonymous Using your machine, connectContinue reading “Tryhackme – Kenobi”
Upload Vulnerabilities
Task 1 – Deploying Machine Task 4 – Overwriting Existing Files What is the name of the image file which can be overwritten? Answer – mountains.jpg Overwrite the image. What is the flag you receive? Step 1: Download a sample image Step 2: Change the name of the image Step 3: Now select the downloaded image toContinue reading “Upload Vulnerabilities”
Basic Pentesting
Task 1 – Web App Testing and Privilege Escalation In these set of tasks you’ll learn the following: Brute forcing Hash cracking Service enumeration Linux Enumeration The main goal here is to learn as much as possible. Find the services exposed by the machine: Use “nmap” to find out what services are running on theContinue reading “Basic Pentesting”
