Ctf
Solution for Zippy task from Confidence Dragonsector CTF.
3 MIN READ
From 0 to pentesting hero
4 little bugs in the Kallithea software that make it possible to access someone else's data.
3 MIN READ
From 0 to pentesting hero
file_exists - a function that checks if a file with the given name exists on the hard drive. Could such a simple functionality be harmful?
3 MIN READ
From 0 to pentesting hero
Do you work with a lot of Linux servers? Do you log in to each of them using your SSH key? On the one hand, you would like to change it more often, but on the other, the overwhelming amount of work associated with changing certificates on many servers discourages you. In today's episode of 'from 0 to pentesting hero', we will take a look at how Netflix solved this problem.
3 MIN READ
From 0 to pentesting hero
Spring Boot Actuator is a tool that allows us to monitor our application built with Spring. We can quickly measure various metrics and monitor traffic on our server or check the status of our database. All this thanks to simple REST endpoints.
2 MIN READ
From 0 to pentesting hero
You want to check which of them belong to the administrators and which are the accounts of ordinary users. Unfortunately, the account type is displayed on a different subpage than the one returned by the server after logging in.
3 MIN READ
Burp_en
To send requests, you use the Repeater tool built into Burp. Unfortunately, the session lifetime on the site is set to a very low value. You are logged out way too often. You must log in again to continue your work.
2 MIN READ
Burp_en
Repeater is one of the most frequently used parts of Burp Suite. But there are plenty of hidden features there. Do you know all of them?
3 MIN READ