Injecting Shellcode and bypassing NX with ROP and Pwntools THM -TryPwnme0X2In this article, I will bypass the NX and inject shellcode into the binary to achieve remote code execution If you haven’t read the first…Jan 16Jan 16
Exploiting stack overflow with ROP and Pwntools THM -TryPwnme0X1In this article, I will solve the first challenge of trypwn me a room of THM this is a fundamental challenge of exploiting binaryJan 7Jan 7
Exploiting Parameter Tampering for purchasing paid products freeIn this article, I will demonstrate one of my findings of parameter tampering leads to the purchasing of paid products for free I was…Feb 11, 2024Feb 11, 2024
Exploiting Blind SQL Injection manually [mod_waf bypass ]In this article, I will demonstrate how I exploited inband SQL injection in a web application.Jan 22, 2024Jan 22, 2024
Hijacking dead code in binary exploitation — stack overflow 0x01In this article/tutorial I am going to exploit a dead code present in binary that is unused we will use that code for executing commands…Oct 15, 2023Oct 15, 2023
Automating favicon.ico with regex and bash for mass port scanningIn this article we will automate and fetch the subdomains from favicon.ico and shodan and do mass port scanning for finding p1Jan 5, 20231Jan 5, 20231
Cloudfare XSS bypass + improper csrf token leads to account takeover of victim accounttl;drNov 30, 20221Nov 30, 20221
Exploit SUID misconfiguration for privilege escalationIn this article, I am going to explain what are SUID binaries how to exploit them for getting root shell i.e privilege escalation on the…Feb 12, 2022Feb 12, 2022
Chaining Improper Authenticationto IDOR and no rate limit for mass account takeoverYou can also read this article hereNov 24, 2021Nov 24, 2021
Evil Regex Injection: Redos attackIn this article, I talk about how can be exploited regex to shut down the site for legitimate Users for a few hours or minutes depending on…May 24, 2021May 24, 2021
![Exploiting Blind SQL Injection manually [mod_waf bypass ]](https://miro.medium.com/v2/resize:fill:160:106/1*KP_Pzgzesql43-bhiVieqQ.png)
![Exploiting Blind SQL Injection manually [mod_waf bypass ]](https://miro.medium.com/v2/resize:fill:320:214/1*KP_Pzgzesql43-bhiVieqQ.png)
