Recent Posts

Pentestit Lab v10 - Captcha Token (7/13)

In my previous post “Pentestit Lab v10 - Blog Token (6/13)”, we further utilized the gw machine to pivot into the internal network and access the Blog via an...

Pentestit Lab v10 - Blog Token (6/13)

In my previous post “Pentestit Lab v10 - Store Token (5/13)”, we took a step back to map the attack surface of the Store Web Application, utilized the compro...

Pentestit Lab v10 - Store Token (5/13)

In my previous post “Pentestit Lab v10 - SSH-Test Token (4/13)”, we utilized the compromised gw machine to pivot into the internal network, used previously c...

Pentestit Lab v10 - SSH Token (3/13)

In my previous post “Pentestit Lab v10 - Site Token (2/13)”, we mapped the attack surface of the GDS Blog, exploited a SQL Inject while bypassing the WAF fil...