Introduction

Hello All

Welcome to Practical Demonstration of Web Application Hacking. Here we are going to learn about various web vulnerabilities, how to hunt for them on a target, and how to exploit them.

Before we begin to hunt, we should choose a target that is in scope. Here we are going to choose the OWASP (Open Web Application Security Project) Juice Shop project as our target, which is an insecure web application.

When we hunt, it’s important to look at every target in its own right. We are going to look at the OWASP Juice Shop. In this demonstration you…


What is it

IDOR: Insecure Direct Object Reference


These types of vulnerabilities arise from access control issues. We will devote another entire chapter to those types of vulnerabilities. The term IDOR was made popular by appearing in the OWASP Top 10, but in reality it’s simply another type of Broken Access Control issue. IDORs can manifest in both horizontal and vertical privilege escalation. To speak of an IDOR, the following conditions have to be met:

  • An object identifier exists in the request, either as a GET or POST parameter
  • A Broken Access Control issue has to exist allowing the user access to data…

Introduction

This may be obvious, but XSS is one of my favourite vulnerability types because of the depth and complexity. It all seems so super simple, but when you really get down to the core of XSS there is a world of wonder to explore. Besides the different types of XSS (reflected, stored and DOM; blind XSS is another form of stored XSS) there are also a lot of different contexts which most people seem to glance over completely. …


Introduction

When we talk about directory brute forcing we are in essence trying to guess the directories of our target’s webserver. We know that there is a webserver running and we might even have access to certain pages like /login.php which is guarding some juicy loot or we might just see that there is an IIS server running and we want to explore it some more. Whatever the case may be, we can approach this issue using several attack strategies.

This is something that we always automate, as trying to guess possibly millions of directories and check them manually can…


Introduction

What would you feel like if I asked you to wake up in pain and go to sleep in pain every single day for the rest of your life, and you could feel it getting worse every day, and you know that medicine isn’t really that far so they can only give you painkillers?

This is my strange reality and I wanted to share a glimpse of it with you all in the hopes of reaching some that feel very, very lonely and neglected at the moment. I want to reach out and ask you to never give up.

How did it all get started?

All…


What is it

CSRF — Cross site request forgery

CSRF is an attack technique that attempts to circumvent a defensive technique that is marked by CSRF tokens.

Say you are a website builder and you are creating a new website. You create the profile section which allows you to update your address. Now along comes a bad actor. They analyse the request and are able to forge it. They create their own website and they put a button on there which will call the profile section of your website and which will update the address.

This means that the attacker can update my…


Introduction

Yesterday I wrote the story of how I became an amazing hacker, but I realise not everyone is the same or learns in the same way, which is why I wanted to write an extremely detailed guide so that I could reach the broadest possible audience.

I decided to divide the topics into different levels of experience. This seems like the best way to do it so that you can easily pick a starting point.

With all of this information I have to stress that the very first thing anyone should learn when they want to get into hacking is…


Introduction

A lot of people have been asking me what it takes to become a hacker, and they have been asking since the day I started becoming a public figure. To address this issue once and for all I have decided to write this article. I hope this can help some people who feel a bit lost and also maybe some professionals who have taken to a certain career path like malware analysis and want to see a different side of the coin.

I will start with outlining my own story and path but I realise everyone is different so I…


Introduction

XXE is one of my favourite attack types because it’s usually hidden below a surface level concealment. We all know that almost nobody uses XML files anymore these days as JSON has taken over and even YAML. Yet the fact that XXE appears in the OWASP Top 10 of 2017 does say something about this vulnerability type.

Today we are going to look at all the possible attack vectors that we can think of, both from the perspective of a pentester and of a bug bounty hunter. …


Introduction

I feel like a lot of mystery surrounds this topic. A lot of people seem to wonder which data is sensitive when exposed. Some people seem to think every single API key disclosed in a JS file is a vulnerability, but of course this is not the case! Some API keys are supposed to be used by XHR requests and they are supposed to be public. When it comes to information disclosures we always have to keep in mind that what we see should be private and even then it’s not guaranteed to be a vulnerability. Depending on which viewpoint you…

Thexssrat

No b*llshit Hacking tutorials with extreme value in short bursts
