Brute-Force What is brute-forcing? Brute-forcing is a attack method used to get passwords or logins to a web application by trial and error method. Imagine you have a login page with 2 text input fields named username and password. And you know definitely the username is "admin" and the password is less or equal to … Continue reading Damn Vulnerable Web Application(DVWA) walkthrough-Part 02
In this post I will be documenting how I created a AD lab in Oracle Cloud. So I logged in to oracle cloud and using the free trial credit ( not mine, bless that person though ). Oracle Dashboard So I went on and created 4 vms that I thought I will connect to the … Continue reading Creating Vulnerable lab in Active Directory
Tmux comes from Terminal Multiplexer. It's used to handle multiple terminal sessions in a single window. Sounds cool if you know how you feel when 10 or 12 terminals lying in your desktop. To start tmux session type... well tmux in your terminal. If you want to create new session with a name type tmux … Continue reading Using tmux for productivity
In the previous article we learned how to load a executable and do basic analysis in the radare2. This article is based on a picoCTF 2018 challenge "learn the gdb". If you read the article about gdb you might know it already. The file is here. Load it into the radare. r2 <filename>. Let's analyse … Continue reading Beginners guide to radare2-Part 2
GDB is a short for GNU debugger. Almost all *nix OSes comes with it. So if you are playing a ctf or want to debug something quickly GDB is the way. Today we are going to learn gdb by disassembling a simple program. A picoCTF 2018 problem. File is here. We have to get the … Continue reading Quick intro to GDB
As I am learning to play with web vulnerabilities I stumbled upon DVWA. so let's take a look. I downloaded the live cd because of the laziness of me and plus turns out it's based on ubuntu 10.04 so more vulnerabilities outside of DVWA. We will find out. so I setuped the VMWare to have … Continue reading Damn Vulnerable Web Application(DVWA) walkthrough-Part 01
There are three giants in the reverse engineering world. radare2IDA ProGhidra IDA Pro has triumphed the reverse engineering universe as GUI capabilities and user-friendly interface it offers. Personally I don't like it because it has a huge price. So the options we open-sourced community have is Ghidra and radare2. Even though ghidra is used in … Continue reading Beginners guide to radare2-Part 1
For moving data from one point to another we require a standard protocol like framework to be compatible with each and every computer. Transmission Control Protocol/Internet Protocol aka TCP/IP provides us with this framework. It requires certain basic information from us to move data. We need to provide that if we want most reliable or … Continue reading Beginner guide to Networking-Part 01
Sala's Blog 