Skip to content
/ Blog Public

This is my blog page, and I share my Write-Ups, videos, articles, and codes here.

License

Notifications You must be signed in to change notification settings

xbforce/Blog

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Twitter        Youtube

I share my writeups, articles, videos here.



WriteUp

Full Account Takeover Via UID Parameter One of the biggest mistakes that developers make is creating ID numbers or other elements in sequence, which can cause their products to be vulnerable to different vulnerabilities. 👨‍💻 Read more

Full Account Takeover On A European Organization Full Account Takeover happens when the hacker has full access to any account on the targeted web application. He is able to access accounts, read any Private Information of the victims he wants, change email addresses and passwords, and even delete accounts. 👨‍💻 Read more

Account Takeover via iFrame Injection Sometimes you find an XSS vulnerability on a target domain but you cannot inject your javascript codes because the target sanitizes payloads perfectly using black/white lists or stop them from doing their malicious jobs by using WAFs, but there are always different ways to bypass defending mechanisms, and it is only the matter of time and efforts. 👨‍💻 Read more

Sniper's Writeup Sniper is a medium level windows box and its IP address is 10.10.10.151. To solve this box you need to use a windows machine or use wine tool in Kali linux. As always I scanned the target with Nmap: I usually scan all ports without any specific flag 👨‍💻 Read more

Monteverde's Writeup Monteverde is a medium Windows box which let you to learn something new about Azure AD. Getting user flag wasn’t a big deal to me, but the root was a pain in the neck. I do nmap without any specific flag to scan all ports 👨‍💻 Read more


Video

How To Work With ffuf ffuf is recognized as the fastest web fuzzer which is written in Go. You can use this great tool to fuzz directories, files, subdomains or even bruteforce usernames and passwords. Let's learn how to work with this great tool. 📺 Watch

How To Work With WFUZZ Wfuzz has been created to facilitate the task in web applications assessments and it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. 📺 Watch

How To Install Evilgrade Evilgrade is a tool which allows hackers to inject malicious updates of softwares to the victims’ machines. In this video I show you how to install Evilgrade on Kali Linux machines. 📺 Watch

How To Fix "Network Is Unreachable" Error? Sometimes when you start using a new interface you lose your network connection and face the error 📺 Watch



Article

Ways Of Saving Outputs In this post I mention stdout and stderr a lot, so first we need to know what they are: Stdout is short for standard output, which is the default data stream for output. Stderr or standard error is another output stream typically used by programs to output error messages. 👨‍💻 Read more