Posts

TCS HACKQUEST PLAYGROUND WALKTHROUGH

Image
Hello Hackers! I hope you're doing well. This blog is a part of KeyCybr Internship. Recently I came across the TCS Hackquest Playground, and here I'll be giving an insight into the solution for the same. The link to register for the same is  https://play.tcshackquest.com/register   This playground is like a warm-up before the actual TCS Hackquest, which is probably scheduled for January 2022. Let's dive into the challenges. Challenge 1: Time to play with J.S.   As you click on "Link here" you'll be redirected to a page that looks like  You'll have to enter the value here to get the flag. Now, since there's nothing visible on the page, the fundamental thing that should strike you must be viewing the page source! As you visit the page source, you'll see The variable contains a base 64 string. On decoding it with the base 64 decoder You'll get submitthis: {text_to_be_submitted} As you submit the text and click on Retrieve the Flag, you'll rece

OWASP TOP 10 Explained

Image
  Hello World! Through this write-up, I’ll try to educate you about OWASP and the OWASP top 10 Vulnerabilities for Web Applications. What is OWASP? OWASP stands for O pen W eb A pplication S ecurity P roject. What does OWASP do? The Internet has connected almost everything to the online world. From making a call to sending messages, making payments, sharing stories, making groups, creating a thread on any topic, and having opinions from various people across the globe and what not! The Internet has made the world a very small place it seems! Now, when you’re spending so much of your time on the internet, it's obvious that your data goes online wherever you sign up. Being a citizen of the modern world, every person who is connected to the internet must know that their data is their ultimate strength and weakness. If in the wrong hands, your data can be used in a way that you cannot even imagine in the wildest of your dreams! Moreover, the recent data breaches and cyber-attacks

Helping Rick find his ingredients: PICKLE RICK CTF

Image
Hello Hackers,  Today we are going to solve the challenge  PICKLE RICK  by  TRYHACKME . So the story goes like this: Our friend Rick has turned into Pickle [Really don't know how he ended up being a Pickle :P] and our goal is to find him 3 Secret ingredients so that he can go back to his original form. Let's jump into the CTF. First things first  CONNECT TO OPENVPN & DEPLOY THE MACHINE😂 We'll see this page as we put the IP address into our browser. REMEMBER:  Whenever you visit a webpage, don't forget to check the source code. Sometimes, developers leave sensitive information such as credentials in the form of comments. You can either do Right-Click --> View page source or press Ctrl+u. You'll see that the username is leaked in the source code of that page! Now let's try to scan the ports and see if we find something interesting. Command used: nmap -sV -A -T5 {ip} You'll see that ports  22 & 80 are open. Wait, can the username be for the ssh

Defeating RootME

Image
Hello hackers, Recently I started practicing on  Tryhackme  and came across this easy yet interesting machine named RootME by  ReddyyZ . I strongly recommend the beginners to try this machine out as it would clear the following several concepts of yours one of them being how to bypass file upload functionality and gain a reverse shell on the target system. Not only that, but you'll also have a basic idea about how privilege escalation works. So without taking up any more time of yours, let's jump into the walkthrough.                                                                                        : TASK 1 : Deploying the machine😅 While some of you might think what madness this is we already know that!! My dear friend, you're free to skip this portion then😊😌. Step 1: Connect to OpenVPN [Check the OpenVPN room so that you have an idea] Command used: openvpn {your openvpn file}   Step 2: Click on Start Machine or Start Attack Box. [ I think you can do this:) ] Step

Networking 101: Subnetting

Image
 Subnetting means dividing a big network into smaller logical networks in order to reduce the complexities that arise if we had to analyze a huge network as a whole. Subnetting is an important part of networking. Subnetting is also an essential part when it comes to CCNA, CompTIA N+, etc. Here the 255.255.255.0 is the subnet. The subnet has 4 parts in which each part consists of 8 bits(1's and 0's) so this 255 is actually made up of 8 bits. If all the 8 1's are active then it becomes 255 and if all 0's are active, it becomes 0. Thus the arrangement of these 0's and 1's determines what that the subnet would be. 128   64   32   16   8   4   2   1        128   64   32   16   8   4   2   1     128   64   32   16   8   4   2   1                       1     1     1    1    1   1   1    1           1     1     1    1    1   1   1    1        1     1     1    1    1   1   1    1                     [255]                                                    [255]