This all started with a when I was hunting on a private program; I found a few subdomains of almost similar UI and requests but different title. To access the subdomain login was required with no sign of creating an account. I tried injection and other basic things. When I tried for Host Header Injection, I saw a similar approach made by all those subdomains to redirect to the particular host if it exists or default back to the website(whose service was running on these subdomains).
When the apiserver is proxying a request to a node though one of its addresses, it performs a filter validation. If the address type is a DNS record (Hostname, ExternalDNS, InternalDNS), the apiserver performs two DNS queries, one for filter validation, another for proxying the request. If the attacker sets the hostname to a custom DNS server, that is able return different values with zero TTL, it is possible to bypass that filter.
The purpose of this guide is to view Active Directory from an attacker perspective. I will try to review different aspects of Active Directory and those terms that every pentester should control in order to understand the attacks that can be performed in a Active Directory network.
A few months ago I was exploring the write-ups and video solutions for the retired HackTheBox machine – Quick. It’s during this exploration that I came across HTTP/3. For those that are not aware, HTTP/3 is the upcoming third major version of the Hypertext Transfer Protocol used to exchange information on the World Wide Web, succeeding HTTP/2.
HTTP Parameter Pollution (HPP) is a type of injection attack that occurs when a target system accepts multiple parameters with the same name and handles them in a manner that might be insecure or unexpected. This type of vulnerability can be found on both the server-side and client-side.
FoldFold allExpandExpand allAre you sure you want to delete this link?Are you sure you want to delete this tag?
The personal, minimalist, super-fast, database free, bookmarking service by the Shaarli community