Welcome to Legacy write up! If you have not done the box Blue, I would recommend you do that box first. This box, is very similar to blue and you can most likely get this box on your own following the same methods as blue. To start off this box, I run a couple of […]
Welcome to the write-up for the retired box Blue! This is another one of those simple boxes, that is great for new people to get familiar with looking at nmap results and using metasploit. I start this box just like I would start any box, nmap scans! This first scan, is really just used to
When your first starting out one of the hardest things you will find, is what to study, and where to study. I wanted to make this list of resources to help other people who are interested in learning easier to know what to study and what to look into. As time goes, I will be
So, after learning the Linux terminal my father recommended that I learned nmap. What it is, how it works, and how to use it. At first I didn’t realize how important this tool was to learn until I really started working on hackthebox, and other labs. Nmap is that one tool that you need to
Are you ready to hack the box Lame! This is one of the best boxes, for anyone who is new, hasn’t done a box before, or even really done any hacking before. This serves as a great box for new people, because of how incredibly simple it is to exploit and gain a root shell.
This website is a my way of getting feedback as well as provide information for anyone who is in this field or is looking to get into it. This website will be developed over time and is not my first priority, but I will be posting write-ups for the website Hackthebox, which has been a
About this website Read More »
Welcome to my Website! I would love to introduce myself and give you guys some background on me. So I go by the handle MysticHack, and I am a 22 year old who is currently an intern studying ethical hacking. I would like to start off by saying that I could not get here without
MysticHack – Introduction Read More »
We will first take a look at what OWASP has to say on the threat agents and attack vectors. “Exploitation of access control is a core skill of attackers. SAST and DAST tools can detect the absence of access control but cannot verify if it is functional when it is present. Access control is detectable
Broken Access controls Read More »
For this vulnerability, all of the provided material is within this course from Portswigger Web Academy here. I also added in the information provided by OWASP to get a solid understanding of this vulnerability. OWASP To start this off, we need a solid understanding of this vulnerability before we do anything else. We will start
XML External Entities Read More »
Port swigger does not have any material regarding this so I will be using the one provided by OWASP. In short, Sensitive Data exposure is anytime sensitive information is not adequately protected. This can stem from Broken authentication, phpinfo pages, as well as improper handling of sensitive data being transmitted. To really understand this vulnerability
Sensitive Data Exposure Read More »