May 2, 2022NahamConCTF — Web ChallengesWhat’s going on hackers, this is Shellbr3ak back again with another CTF write up. Today I’ll be showing how I managed to solve 7 out of 8 web challenges in NahamconCTF. So, without much talking, let’s go. PersonnelNahamconctf18 min readNahamconctf18 min read
Mar 31, 2022XSS — WAF BypassWhat’s going on everybody, this is $hellbr3ak back again with another blog. Today I will be talking about how I bypassed BIG-IP ASM firewall in one of my engagements. As usual the target will be redacted since the pentest is conducted on a client environment. …Waf Bypass7 min readWaf Bypass7 min read
Jan 31, 2022First Time Hacking The CloudWhat’s going on hacker folks, this is shellbreak back again with another blog post, but this time, it will be about how I found my first bug in an azure cloud storage service. The vulnerability was a Massive Information Disclosure due to a publicly accessible container hosted on an azure…Pentesting4 min readPentesting4 min read
Dec 24, 2021TryHackMe — SolarWhat’s going on h4x0rs this is shellbr3ak, and today we’re going to be doing something a little bit different than regular CTFs. As you’ve seen in the news, a very serious 0-day was discovered in the Log4j java logging utility which is a part of Apache Logging Services and also…0 Day Attacks9 min read0 Day Attacks9 min read
Oct 10, 2021DigitalOverDose — CTFHello y’all, this is shellbreak again with another CTF. As I’m working as a web application penetration tester, I focus only on web challenges in CTFs, and in today’s write up, I’m going to showcase how I solved the only 3 web challenges in Digitaloverdose CTF. …Web Hacking6 min readWeb Hacking6 min read
Sep 20, 2021HacktivityconCTF 2021Hello all, this is shellbreak, and today I’m going to showcase how I solved some web challenges in the hacktivitycon CTF 2021, so without much talking let’s just jump in. SwaggyHacktivitycon14 min readHacktivitycon14 min read
May 26, 2021TryHackMe — KenobiWhat’s going on fellas, this is shellbreak back again with another write up about a room called knobi from TryHackMe, which is an easy room that involves a vulnerable FTP server which we’ll exploit to get user access, and then we find that there’s a SUID binary that we can…Tryhackme Walkthrough8 min readTryhackme Walkthrough8 min read
May 25, 2021TryHackMe — VulnversityHello guys, what’s going on, this is shellbreak, and today we’re gonna be doing Vulnversity from TryHackMe which is a pretty simple and straightforward machine that involves a File Upload vulnerability to get a shell, and once we get a shell on the box we notice that there’s an unusual…Oscp Preparation8 min readOscp Preparation8 min read
May 20, 2021TryHackMe — BlueHello guys, what’s going on , this is shellbreak, and today I’ll be doing the Blue room from TryHackMe, which is a pretty easy and fun room that demonstrates how to exploit “eternal blue” vulnerability that affected SMB servers back in 2017. EternalBlue is a cyberattack exploit developed by the…Tryhackme Walkthrough5 min readTryhackme Walkthrough5 min read
May 19, 2021How I found my first Cross-Site Scripting VulnerabilityHello all this is shellbreak, back again with another story of a bug I found apart from CTF challenges. Since this vulnerability was found on a real website, I won’t be mentioning the domain on which I found it, so I’ll use https://example.com …Infosec3 min readInfosec3 min read
