Security Innovations - Shred - Command and Control

March 9, 2023
Walkthroughs, Cmd+Ctrl

Ooooooh, yeah. I did it, because the range hasn’t changed for over a fucking year. That’s lazy on their part. The security industry evolves, your ranges should too. Here, I will be using https://caido.io/ instead of Burp or ZAProxy for this… why? No particular reason. Just to be fair and showcase that such a thing exists. There’s also Charles, and many others. `"><plaintext>` - Breaks the search feature; there’s cross-site scripting here. ...

TryHackMe - Olympus Walkthrough

November 25, 2022
Walkthroughs, TryHackMe
ctf, sql injection, attack surface mapping, password cracking

Task 1 | Connection

https://tryhackme.com/room/olympusroom is a medium difficulty room on [TryHackMe training platform](https://tryhackme.com/) by Gavroche. Its primary focus is SQL injection, in my opinion, with a slant on enumeration and systems comprehension. We’re going to get started by adding olympus.thm to our /etc/hosts file to assist with enumeration. This is recommended in the description and I’ve adopted it as a solid sign that we’ll need to do subdomain enumeration. ...