api
-
Hack The Box: Pilgrimage Writeup
We’re back again with another Hack The Box machine. This time, I hacked Pilgrimage. Although it was listed as an “easy” box, I thought it was a bit more involved than other easy boxes I’ve done in the past. So, let’s get into it! Recon Scanning I started off with a quick TCP scan of
-
Evil Twin Part 2: spying on victims with a MITM attack
We’re back with another Evil Twin attack tutorial. This time, we’re going to be building off my last post by adding internet access to the evil twin. So, if you haven’t read it and followed along, do that first before moving on to this post. With internet access provided to our evil twin, we’re finally
-
Hack The Box: SAU Writeup
It’s time I get back into some Hack The Box! I’ve done some machines before but it’s been a while since I’ve hacked the box. So, in the post, I’m going to walk you through my thought process of hacking the SAU machine. This will not simply be a list of commands I used to
-
Building Your Own Evil Twin Access Point from Scratch
Hello again! It’s been a while but I’m back after a bit of a break! In this post, I’m going to show you how to set up an evil twin wireless access point. This post is going to be part of a series of posts detailing different attacks we can build off of this simple
-
Remote code execution via polyglot web shell upload – Portswigger Web Security Academy Lab Walkthrough
In this lab, we will bypass simple file validation to upload PHP code. I found this lab particularly interesting because the bypass involved injecting code into an image’s metadata. This is a technique I was unfamiliar with before attempting to solve this lab and I thought it was pretty cool. So, let’s get into my
-
How to crack your WiFi network’s password with aircrack-ng
Hello again! If you read my last post on AP and Client discovery with Airodump-ng, then get ready to take the skills you learned to the next level! We’re not just going to be observers anymore. We’re going to hack wireless networks by cracking their passwords! This method involves using airodump-ng to capture the necessary