  • Showing only topics with the tag "pentesting".
    1. Learning to pentest

      Hi, I need your help to learn pentesting.

      I've been programming for several years. I'm really good at C# and can write moderately complex apps in Dart, Python and JavaScript. I'm in high school and work for a software development company as a backend developer. But general programming starts to feel so boring...

      I've started to watch LiveOverflow on YouTube (no link, there is no wifi here and I don't want YouTube to drain my data) and it was so interesting - so I tried it. I've tried a few CTFs, read many writeups, and now I've discovered the CTF Hack The Box.

      When I know what to do, I have no problem googling and researching and later applying my knowledge. But I often discover that I just don't know what I don't know.

      There is one CTF challenge that I haven't completed yet. It's a 20-line HTML page, no JavaScript, nothing suspicious. No cookies. It just has a form with a password input, which sends a POST request to the server. Here's the problem - how do I get the flag (the password)? I can bruteforce it, but it clearly isn't the correct way. I know that the PHP runs on Apache, Debian. I've tried getting some files, I've tried going up (../), SQL injection, nothing works.

      And here's the general problem - what am I missing? What to learn? What should I google? I don't want ideas about what I'm missing in this one example - instead I need some sources where I can learn generally about vulnerabilities I can exploit. Some blog, some website, something like this.

      Could someone here recommend some sources where I can learn about this? How did you start and what things do you generally check when you face something you have to break into?

      Thank you

      16 votes
    2. What's the policy on bug hunting?

      I'm sure as Tildes gets bigger, security will continue to be a matter of discussion.

      The dev GodEmperors of Tildes have (quite awesomely) taken a big position on security already by disallowing breached passwords from being used.

      I'm not much of a hacker myself, but it's an armchair interest and I'm sure others more skilled would love to be able to give back to Tildes and help keep the site as secure as possible.

      What's the policy on bug hunting, and searching for exploits?

      Thanks!

      14 votes