zacheller@home:~/blog$

  • Defend the Web - SQLi

    SQLi 1 / SQLi This is a basic challenge which accepts a lot of answers. You can just use ' OR 1=1 ;-- to complete it. SQLi 2 / SQLi This is a little more involved. We start with a login form and a “Browse members” section. When we select...

  • TryHackMe - OhSINT

    What information can you possibly get starting with just one photo? Steganography We start by downloading the WindowsXP.jpg screensaver. The most obvious thing to check is the handle in the copyright. Once that is exhausted, we can check the GPS position. Copyright : OWoodflint GPS Position : 54 deg 17’...

  • OWASP Juice Shop v9.3.1 - 2 Star Solutions

    Admin Section Access the administration section of the store. Navigate to http://10.10.50.111/#/administration Admin can see list of registered users, non-logged in cannot. Emails email admin@juice-sh.op jim@juice-sh.op bender@juice-sh.op bjoern.kimminich@googlemail.com ciso@juice-sh.op support@juice-sh.op morty@juice-sh.op mc.safesearch@juice-sh.op J12934@juice-sh.op wurstbrot@juice-sh.op amy@juice-sh.op bjoern@juice-sh.op bjoern.kimminich@owasp.org Recycling Requests User Quantity Address Pickup Date 2 800 Starfleet HQ, 24-593 Federation...

  • Defend The Web - Assorted Challenges

    24 bit Download the file. Change the filetype and open it. Beach I first downloaded the image and ran exiftool on it. There were two fields that stuck out to me. $ exiftool b4.jpg | egrep 'Artist|User' Artist : james User Comment : I like chocolate First guess was the...