Recent Posts

Pentestit Lab v10 - Blog Token (6/13)

In my previous post “Pentestit Lab v10 - Store Token (5/13)”, we took a step back to map the attack surface of the Store Web Application, utilized the compro...

Pentestit Lab v10 - Store Token (5/13)

In my previous post “Pentestit Lab v10 - SSH-Test Token (4/13)”, we utilized the compromised gw machine to pivot into the internal network, used previously c...

Pentestit Lab v10 - SSH Token (3/13)

In my previous post “Pentestit Lab v10 - Site Token (2/13)”, we mapped the attack surface of the GDS Blog, exploited a SQL Inject while bypassing the WAF fil...

Pentestit Lab v10 - Site Token (2/13)

In my previous post “Pentestit Lab v10 - Mail Token (1/13)”, we attained usernames through Intelligence Gathering, brute forced the SMTP Service, attained lo...