advent of cyber

I took a break from TryHackMe and the Advent of Cyber because the last couple of weeks before the holidays were extremely busy and I was pretty burned out with tech. I ended up spending most of the holidays away from my PC and

Difficulty: Medium Exploits Explored: SQL injection Tools: BurpSuite, SQLMap Sticking Point: Exporting captures from BurpSuite to SQLMap Something Learned: Combining BurpSuite and SQLMap Day 5's challenge involves breaking into Santa's forums using SQLi and dumping the database to find the hidden flag.  I got

Difficuly: Easy Tactics Explored: fuzzing and bruteforcing URL paths Tools: GoBuster and WFuzz Sticking point: passing data to API Something learned: Fuzzing something other than passwords This image was pretty cool for the victim site.Todays challenge is my favorite so far.  Story wise

Difficulty: easy Tactics Explored: Attacking a login form with Burpsuite Sticking Point: Only start the Burpsuite capture before entering the credentials. The instructions confused me and I kept trying to capture when initially visiting the page. Capture password details that I entered. I tried

Difficulty: very-easy Vulnerability Explored: reverse shells Sticking point: Trying to copy and paste my flag from my attack machine to tryhackme.  Turns out you can access the attack machines clipboard in the left sidebar :) only slightly spoiler-ish. The flag isn't shown.The theme of

Difficulty: very easy Theme: Loved the elf & santa theme Where I got stuck: The question where you're asked what format the data is stored in for the cookie.  It came down to Javascript and how JS stores data. Tryhackme.com released their Christmas