[NetSec] Keeping Authentication Tokens Safe

An authentication token should not be left as it is in the database; that's common sense. But applying a heavy hashing algorithm to secure it also doesn't make much sense. Why? An authentication token, if it is created properly (128 bits, etc.), is already very secure by itself. And by its nature, it doesn't contain any username… Continue reading [NetSec] Keeping Authentication Tokens Safe


[CTF] CTFLearn.com – Basic Injection

Ok, here is the solution for the very basic SQL injection CTF located on https://web.ctflearn.com/web4/. When you load the page you see this: There is nothing to do here, except entering some inputs, which leads nowhere. So, I checked the source code of the webpage. Very simple stuff, but look at that comment line. I tried… Continue reading [CTF] CTFLearn.com – Basic Injection


Level 0 ssh leviathan0@leviathan.labs.overthewire.org -p 2223 User / Pass : leviathan0 / leviathan0 leviathan0@leviathan:~$ ls -la total 28 drwxr-xr-x 4 leviathan0 leviathan0 4096 Aug 30 19:22 . drwxr-xr-x 11 root root 4096 Aug 30 19:22 .. drwxr-x--- 2 leviathan1 leviathan0 4096 Jun 15 11:38 .backup -rw-r--r-- 1 leviathan0 leviathan0 220 Apr 9 2014 .bash_logout -rw-r--r--… Continue reading [WriteUp] – OVERTHEWIRE – LEVIATHAN

[WriteUp] Tr0ll

  Let's scan our network to find the machine first. nmap -sn Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-11 13:39 +03 Nmap scan report for Host is up (0.019s latency). MAC Address: 00:50:56:01:06:28 (VMware) Nmap scan report for Host is up (0.00065s latency). MAC Address: 08:00:27:62:C8:63 (Oracle VirtualBox virtual NIC) Nmap… Continue reading [WriteUp] Tr0ll

[WriteUp] Hackthebox Invite Code Challenge

I was planning to join Hack The Box for a while but kept postponing it until today. I had free time on this beautiful Saturday afternoon, so I thought, why not give it a try? It took around 45 minutes to get the result. I like the idea of hacking the invitation page first and proving you are… Continue reading [WriteUp] Hackthebox Invite Code Challenge

[WriteUp] OverTheWire – Natas – Part 1

OverTheWire hosts some cleverly designed war games, and Natas is one of them, focusing on web security. It has 27 steps in total; it starts with the simplest challenge and gradually becomes more difficult. To access the next level, you have to capture the flag of the previous one. Let's start. Level 0… Continue reading [WriteUp] OverTheWire – Natas – Part 1