lucrecia has installed multiple web applications on the server.

I’m gonna solve another room called “Ghizer“. It’s available at TryHackMe with medium difficulty level.

Photo by Laith Abushaar on Unsplash

Let’s do a port scan:

OAuth is an open protocol to allow authorization in a simple and standard method from web, mobile and desktop applications. OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Facebook, Microsoft, and Twitter to permit users to share information about their accounts with third-party applications or websites. [Wikipedia]

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows…

I was surfing in one of the famous online transportation applications and its PWA service. After a while I noticed a Critical vulnerability in Payment Gateway Module. So Let me explain the scenario.

At the first step, You should enter your mobile number and then it sends an OTP to verify your mobile. Next, I try to increase my account balance and I select 10,000 amounts and click on payment button. The first request is as following:

In one of the RedTeam projects, I was looking to use BloodHoundAD Script. BloodHound is a single page JavaScript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper…

Aidin Naserifard

Bug Hunter, Penetration Tester, Red Teamer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store