In this post we use a challenge from ASISCTF to explain a way to bypass a filter implemented with the preg_match function and execute PHP code.
Power belongs to the people who take it
In many hotels, institutes and companies, a captive portal is set up to control access to the Wi-Fi network. In this post we will see two real cases in which we could bypass this login: one with very weak protection, and another that required more work but, once everything is prepared, allows us to skip the restriction in many of the portals with that same configuration.
The usual next step after getting RCE through a web application, an MSSQL server with xp_cmdshell or another method is to try to get a shell.
In this post we will see a list of commands to get a shell in Windows, each with its proof of concept and the reaction its execution causes in Windows Defender.
In this post we see how to get command execution in Windows 10 through phishing with a malicious PDF containing an embedded file with the SettingContent-MS extension that will run automatically using JavaScript. We will create the malicious PDF and make a simple test without using Adobe Acrobat DC.
Cross-site scripting (XSS) is a vulnerability that allows an attacker to inject code (usually HTML or JavaScript) into a web page. When a victim views an infected page, the injected code runs in their browser.
Today we bring a cheat sheet about this vulnerability, which is not the best known among common users but is one of the most frequently found on websites.
© 2024 ironHackers