Mass Assignment Vulnerabilities

Rarely talked about, this is an interesting vulnerability. In 2012, GitHub faced a significant Mass Assignment vulnerability. An attacker discovered that GitHub’s enterprise system allowed users to set arbitrary parameters, including the admin flag, during account creation. The attacker exploited this by including the admin parameter in the account registration request, granting themselves administrative privileges.

HTTP Request Smuggling Overview

HTTP Request Smuggling occurs when an attacker exploits inconsistencies in how different web servers handle multiple HTTP requests sent in a single packet. This can lead to various types of attacks, including: HTTP Request Smuggling typically exploits the difference in interpretation of Content-Length and Transfer-Encoding headers between two servers. By carefully crafting HTTP requests, attackers

Hacking a WebServer – How?

When it comes to attacking web servers without any initial access, there are more ways than one may think of. Lets start from the most common and go from there: 1. Web Application Vulnerabilities Issues within the application itself can be exploited remotely to possibly gain control or access backend systems. Vulnerabilities such as SQL

Patterns Hidden in Passwords: Part 1

In the digital age, passwords serve as the gatekeepers to our virtual lives, safeguarding everything from personal correspondence to financial information. This article provides a detailed exploration of password patterns, incorporating extensive statistics, examples, and insights to paint a full picture of current trends and their implications for security. This is the part 1 of

Beyond EyeWitness: Crafting Custom Python Scripts

Welcome to the second part of Python for penetration testing. Today, we embark on a noble quest: to check if the digital gates (ports, for the uninitiated) of our fortresses (servers, in tech-speak) are up or inviting trouble. Gathering Your Tools Before our adventure begins, ensure your satchel is equipped with Selenium and python-docx, potent

The Story of the Very First Hack

Long before the internet, two brothers, FranΓ§ois and Joseph Blanc, pulled off the very first hack in history. This happened way back in 1834, when the coolest tech around was the telegraph. Sounds a bit surreal, but back then those telegraphs did not work with electromagnetic impulses. No, they were optical. The Blanc brothers’ scheme