-
43 votes
-
Critical 0day in WebP: Google assigns a CVE for libwebp and gives it a 10.0 base score.
28 votes -
Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046)
20 votes -
Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package
18 votes -
CVE-2021-3156 - How sudo on Linux was hacked
14 votes -
Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information
10 votes -
Learning to pentest
Hi, I need your help to learn pentesting. I'm programming for several years. I'm really good in C# and can write moderately complex apps in Dart, Python and JavaScript. I'm in highschool and work...
Hi, I need your help to learn pentesting.
I'm programming for several years. I'm really good in C# and can write moderately complex apps in Dart, Python and JavaScript. I'm in highschool and work for software development company as backend developer. But general programming starts to feel so boring...
I've started to watch LiveOverflow on youtube (no link, there is no wifi here and I don't want youtube to drain my data) and it was so interesting - so I tried it. I've tried few CTFs, read many writeups, and now I've discovered CTF hack the box.
When I know what to do, I have no problem googling and researching and later applying my knowledge. But I often discover, that I just don't know what I don't know.
There is one CTF challenge that I haven't completed yet. It's 20 line html page, no javascript, nothing suspicous. No cookies. It has just form with password input, which sends post request to server. Here's the problem - how do I get the flag (the password)? I can bruteforce it, but it clearly isn't the correct way. I know that the php runs on apache, debian. I've tried getting some files, I've tried going up (
../
), sql injection, nothing works.And here's the general problem - what am I missing? What to learn? What should I google? I don't want ideas what I'm missing on this one example - Instead I need some sources where I learn generally about vulnerabilities I can exploit. Some blog, some website, something like this.
Could someone here recommend me some sources where I learn about this? How did you start and what things do you generally check when you face something you have to break into?
Thank you
16 votes