Overview: As a community volunteer @Winja I created reverse engineering ctf challenges for Wicked 6 Winja CTF for Women. Without wasting further time let’s jump in! d3bug-th1s Challenge Name: d3...
$whoami - My Background My name is Siddhant Chouhan, I am from New Delhi, India. I am a cyber security enthusiast and have keen interest in vulnerability assessment and penetration testing. I love...
Introduction: In this blog post I’ll be talking about my PWK-OSCP journey. I will be sharing useful resources as well that were helpful for me in this journey. An OSCP has demonstrated the abi...
Overview: This windows box involves 3 Active Directory attacks AS-REP Roasting followed by Kerberoasting and finally a DC Sync to get the administrator NTLM hash. The box starts with us finding ou...
Overview: This windows box starts with us enumerating ports 80 and 135. We leak the ipv6 address of the box using IOXID resolver via Microsoft Remote Procedure Call. DCOM(Distributed Component Obj...
Overview: The box starts with us finding a python flask jinja 2 webapp on port 80 and we have splunk running on port 8089 , We perform a Server-Side Template Injection to get remote code execution...
Overview: The box starts with us finding a Gym Management System web application, and using searchsploit we find there is an Unauthenticated File Upload Vulnerability and we get a shell on the box...
Overview This windows box involved a lot of enumeration. It starts with us resetting an account via the poorly implemented reset password functionality on the web server.Then we are able to enum...
Overview: The box starts with us finding a Local File Inclusion Vulnerability on port 80 and we have tomcat running on port 8080 ,so we can use the LFI vulnerability to find credentials for tomcat...
Overview: This windows box required a lot of enumeration and was focussed on Active Directory. It starts with us finding anonymous access to a smb share which had a lot of directories which turn o...