NodeJS Deserialization

This is a Pentester Academy challenge writeup. It required to exploit a CVE-2017-5941 vulnerability in NodeJS server application during deserialization to trigger an RCE. Warning this is a writeup so it contains spoilers. I am changing it a little bit in order to save you from revealing everything. Application Server consisted of two endpoints: / […]

Behind basic auth

Basic authentication is one of the simples methods of providing credentials to access resources. Today I’m going to take a look on it and provide you with an example of a web page utilizing this mechanism written with PHP and Apache. How does basic authentication work? On request to a protected resource, the server sends […]

Make use of htop

H

Or how to look cooler with htop Htop is a popular command-line tools for monitoring processes. It has some features that seem to be rarely used but could help you with process management or at least make your terminal look cooler. Help If you’ve ever wondered what do those weird colors on CPU and memory […]

Issues with JWT

I hoped this would never happen, but here we go. I have problems with managing to deliver an article for Wednesday not because I have so little time, but because I have no idea for an article. I’ve fooled around a little bit with network recon labs on Pentester Academy, I’ve fooled around python imports, […]

Next Page » « Previous Page