Injecting Shellcode and bypassing NX with ROP and Pwntools THM -TryPwnme0X2In this article, I will bypass the NX and inject shellcode into the binary to achieve remote code execution If you haven’t read the first…Jan 16Jan 16
Exploiting stack overflow with ROP and Pwntools THM -TryPwnme0X1In this article, I will solve the first challenge of trypwn me a room of THM this is a fundamental challenge of exploiting binaryJan 7Jan 7
Exploiting Parameter Tampering for purchasing paid products freeIn this article, I will demonstrate one of my findings of parameter tampering leads to the purchasing of paid products for free I was…Feb 11, 2024Feb 11, 2024
Exploiting Blind SQL Injection manually [mod_waf bypass ]In this article, I will demonstrate how I exploited inband SQL injection in a web application.Jan 22, 2024Jan 22, 2024
Hijacking dead code in binary exploitation — stack overflow 0x01In this article/tutorial I am going to exploit a dead code present in binary that is unused we will use that code for executing commands…Oct 15, 2023Oct 15, 2023
Automating favicon.ico with regex and bash for mass port scanningIn this article we will automate and fetch the subdomains from favicon.ico and shodan and do mass port scanning for finding p1Jan 5, 20231Jan 5, 20231
Cloudfare XSS bypass + improper csrf token leads to account takeover of victim accounttl;drNov 30, 20221Nov 30, 20221
Exploit SUID misconfiguration for privilege escalationIn this article, I am going to explain what are SUID binaries how to exploit them for getting root shell i.e privilege escalation on the…Feb 12, 2022Feb 12, 2022
Chaining Improper Authenticationto IDOR and no rate limit for mass account takeoverYou can also read this article hereNov 24, 2021Nov 24, 2021
Evil Regex Injection: Redos attackIn this article, I talk about how can be exploited regex to shut down the site for legitimate Users for a few hours or minutes depending on…May 24, 2021May 24, 2021
Exploiting ssrf vulnerablity part 2hey folks! what’s up? This is my second artice about ssrf exploitation if you doesn’t read part 1 you can read it from in this article…Apr 24, 2021Apr 24, 2021
Exploiting and Identifying Ssrf Vulnerablity Part-1hey folks ! what’s up ? hope you are doing well since today am starting a series for exploiting ssrf i.e server side requested forgery…Apr 23, 2021Apr 23, 2021
Is Programmin Is Necassary For HackingWell i got lots of questions from peoples that is it neccessary to learn programming to become a bug hunter,ethical hacker,pentester etc…Apr 22, 2021Apr 22, 2021
making a simple wayback machine with python 3in this tutorial i will show how we make a simple wayback machine with python 3 to extract arcieved url we will use classes and object i…Apr 22, 20211Apr 22, 20211
How I Abuse Auth Token To Get Account Takeover Via Chained WithCsrfWell this is my another artcle in which i share my experience how i abuse and expoloit authenticity tokens and chain with csrf to get full…Mar 31, 20211Mar 31, 20211
fd challange walkthoughin this series i will solve a simple walktough of fd challenge available onMar 23, 2021Mar 23, 2021
Authentication_token_bypass Leads Too_idorhere is the article how i was able to bypass authentication token and able to exploit idor and add any user to add events of website…Jan 28, 2021Jan 28, 2021
How_i_was_able_to_pawned_website_via_escilating_webcache deception to rcePosted on August 5, 2020Jan 28, 2021Jan 28, 2021
Web_cahe_posioning_to_xss_and_ssrfi don’t waste time by talking about myself …i gonna share my experience of a bug “web cache poisioning” in bug bounty as usually i was…Jan 28, 2021Jan 28, 2021
![Exploiting Blind SQL Injection manually [mod_waf bypass ]](https://miro.medium.com/v2/resize:fill:80:53/1*KP_Pzgzesql43-bhiVieqQ.png)
![Exploiting Blind SQL Injection manually [mod_waf bypass ]](https://miro.medium.com/v2/resize:fill:160:107/1*KP_Pzgzesql43-bhiVieqQ.png)
