Hackholics

addicted to hacking


Detect Operating System by Using Ping Command

Ping is a network administration utility used to check the availability of a host on a network. Ping works by sending ICMP echo request packets to the target host and waiting for an ICMP echo reply. TTL is… Continue Reading →

What is Same Origin Policy (SOP)

One of the most important and critical points of web application security is the same origin policy. This policy prevents a script or a document from getting or setting properties of another document that comes from a different origin… Continue Reading →

Reflected XSS

The above code is vulnerable to reflected XSS but it has some filtering on it. Try to bypass it and execute JavaScript code: <?php $NAME=$_GET['name']; $NAMESAN=strtoupper(htmlspecialchars($NAME)); echo "<HTML><body>"; echo '<form action="">'; echo "First name:… Continue Reading →

Stored XSS

This code is vulnerable to XSS. Can you spot where it is and how to exploit it? $name = trim( $_POST[ 'name' ] ); $name = preg_replace( '/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t(.*)>/i', '', $name ); $message = preg_replace( '/<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t(.*)>/i', '', $message );… Continue Reading →

USV-2016 CTF

This VM is provided by VulnHub. Flags: There are 7 flags that should be discovered in the form of: Country_name Flag: [md5 hash]. In the CTF platform of the CTF-USV competition there was a hint available for each flag, but accessing it would… Continue Reading →

Web Application attack surface

The attack surface is the area of our web application test in which we have to put all of our efforts. The more we know about the target, the wider the attack surface will be and as a result more chance… Continue Reading →


© 2017 Hackholics — Powered by WordPress
