HackTheBox - Manager (Mobile) Walkthrough
A client asked me to perform security assessment on this password management application. Can you help me?
·
10 min read
L0WK3Y
Your friendly neighborhood malware analyst. Stay tuned, as I clear out my massive backlog of content! 🙂
PortSwigger Academy - User Role Controlled by Request Parameter
This lab has an admin panel at /admin, which identifies administrators using a forgeable cookie. Solve the lab by accessing the admin panel and using it to delete the user carlos. You can log in to your own account using the following credentials: wiener:peter
·
5 min read
PortSwigger Academy - Unprotected Admin Functionality
This lab has an unprotected admin panel. Solve the lab by deleting the user carlos.
·
4 min read
How to Set Up SonarQube and PostgreSQL Using Docker
SonarQube is an open-source SAST platform for continuous inspection of code quality, ensuring clean, maintainable, and reliable code. By integrating it with Docker, you can effortlessly manage its deployment, making it portable and easily scalable...
·
5 min read
PortSwigger Academy - Authentication Bypass via Information Disclosure
This lab's administration interface has an authentication bypass vulnerability, but it is impractical to exploit without knowledge of a custom HTTP header used by the front-end.
·
6 min read
PortSwigger Academy - Source Code Disclosure via Backup Files
This lab leaks its source code via backup files in a hidden directory. To solve the lab, identify and submit the database password, which is hard-coded in the leaked source code.
·
4 min read
PortSwigger Academy - Information Disclosure on Debug Page
This lab contains a debug page that discloses sensitive information about the application. To solve the lab, obtain and submit the SECRET_KEY environment variable.
·
4 min read
How To Install ADB Bootloader/Fastboot Drivers on Windows in 2025!
This blog serves to be an updated guide on how to install Bootloader/Fastboot drivers for your Android device. I will be using the Google drivers in this tutorial, so no suspicious downloads will be used at all in this blog!
·
7 min read
PortSwigger Academy - Information Disclosure in Version Control History
This lab discloses sensitive information via its version control history. To solve the lab, obtain the password for the administrator user then log in and delete the user carlos.
·
5 min read
HackTheBox - APKey Walkthrough
This app contains some unique keys. Can you get one?
·
7 min read
