While my exploration into SQL injection and NTLM hash theft is a culmination of my insights and experiences, it’s deeply rooted in the pioneering research done in this domain over the past few years. I highly recommend diving into the references provided for those seeking a more granular understanding. The Hidden Threat in Plain Sight…
A simple Data Exfiltration!
Yes, another XXE attack but with the help of a Microsoft Excel file. Without any further ado, let’s get started! XXE Attack: I precisely copied what XXE is from the internet and pasted it in my previous blog post, “A journey from XML External Entity (XXE) to NTLM hashes!”. If you want to know about…
A journey from XML External Entity (XXE) to NTLM hashes!
We will start this blog post with an XML External Entity attack. Furthermore, we will discuss how I was able to capture NTLMv2 hashes using Responder and evil-ssdp with the help of that XXE vulnerability. XXE Attack: There is a web security vulnerability that allows an attacker to mess with an application’s XML processing….
Any Account Takeover Through Privilege Escalation
Hello, I was eagerly waiting to share this with you! 🙂 For two reasons: it’s an Account Takeover, and I wanted to tell you, “How important it is to revisit your old target to pwn the new features!” I have already shared one of the write-ups on Privilege Escalation on Facebook’s product! If you haven’t…
Vertical Privilege Escalation in Facebook’s Workplace!
Hello, I’m Shubham and I have decided to share my finding on one of Facebook’s products “Workplace”! More about Workplace! Workplace is a communication tool that connects everyone in your company, even if they’re working remotely. Use familiar features such as Groups, Chat, Rooms, and live video broadcasting to get people talking and working together….