In this post we use a challenge from ASISCTF to explain a way to bypass a filter implemented with the preg_match function in order to execute PHP code.
Power belongs to the people who take it
In this post we'll see how a website that uses JWT incorrectly allows us to create users with arbitrary data. We rely on a challenge from TJCTF, specifically the Moar Horse 4 challenge.
A CSRF is carried out through an XSS. In this case we rely on a TJCTF challenge, but the technique is applicable in many areas. This kind of attack shows how dangerous XSS can be, as we saw in the post WordPress 5.1 CSRF + XSS + RCE – Poc, where even RCE was achieved.
Frida is a dynamic and flexible instrumentation tool. This powerful application can inject into running processes across multiple platforms: Android, iOS, Windows, Mac and QNX.
The uses of this tool are varied: performing tests without altering the code, modifying the execution flow of a program, or simply observing the state of processes within an application. We will look at these uses with a focus on searching for vulnerabilities and on supporting other tasks when pentesting Android mobile applications.
In this pwn post we face a Linux binary with all protections enabled. The binary contains a format string vulnerability and a buffer overflow: the first lets us leak the addresses needed to bypass the protections, and the second lets us take control of the process.
© 2024 ironHackers