XSS
-
Read more: Mobile Hacking Lab – Post Board
Description: Welcome to the Android Insecure WebView Challenge! This challenge is designed to delve into the complexities of Android’s WebView component, exploiting a Cross-Site Scripting (XSS) vulnerability to achieve Remote Code Execution (RCE). It’s an immersive opportunity for participants to engage with Android application security, particularly focusing on WebView security issues. Download: https://lautarovculic.com/my_files/postBoard.apk Link: https://www.mobilehackinglab.com/path-player?courseid=lab-webview Install the app with ADB…
-
Read more: Protected: Alert – Hack The Box – @lautarovculic
There is no excerpt because this is a protected post.
-
Read more: Sea – Hack The Box – @lautarovculic
User.txt Let’s discover open ports with nmap: sudo nmap -sV -p- -Pn -vv -T4 --min-rate 5000 10.10.11.28 Output: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0) 80/tcp open http syn-ack ttl 63 Apache httpd 2.4.41 ((Ubuntu)) We need to add sea.htb to our /etc/hosts file: sudo echo "10.10.11.28 sea.htb" | sudo…
-
Read more: IClean – Hack The Box – @lautarovculic
User.txt First, we will discover which ports are open. sudo nmap -sS --min-rate 5000 -n -Pn -T4 -vv -sV 10.10.11.12 Output: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0) 80/tcp open http syn-ack ttl 63 Apache httpd 2.4.52 ((Ubuntu)) If we go to clean.htb…
-
Read more: Micro-CMS v1 – @lautarovculic
Flags: 4 Difficulty: Easy Category: Web Flag 1/4 By taking a short tour through the application, we can view and edit a number of ready-made testing pages, and we can also create a page. On the first page we see that markdown is allowed, but script… no? Let’s try it. Press the save button and…