Intercepting_communication

Denial of Service

Be patient… you need to find the right balance where you overwhelm the server but not your machine.

  • Sometimes your flag might get lose in errors so either save the output to a log or grep it directly.

The rest of the challenges

After these challenges, you need to craft raw packets using scapy. The documentation is linked in the module. Check out portswigger

[Read more]

Web Security

Path Traversal

  • The description is more than enough to solve these. This might seem very simple but it happens more often than you think
  • curl hates relative paths, it will resolve paths automatically, read the man pages to know more.I would recommend using python for testing.

Command Injection

  • The only hint for level 6: Think of every character you can use. Think about how you run multiple commands in your terminal or in a bash script

SQL injection

  • If you understand how SQL injection works, you’ll breeze through these, if not, watch the lecture video again

XSS

Before trying anything, cat the source code and understand what it’s doing.

[Read more]