Collaborate Disseminate
"Update my email" page has 2 fields: the new email and the current password.
I cannot find the correct way to protect against user enumeration if there’s an error on the email field:
if I silence the error users wont know if the… Continue reading "Update my email", best way to prevent enumeration?
I’m working on a lab on PortSwigger.com titled Username enumeration via different responses. While using ffuf to solve the lab, the output keeps returning a 400 status code.
So far this is what I’ve tried. Here is the request payload file,… Continue reading FFUF command returns status code 400, regardless of mode option: clusterbomb, pitchfork, sniper
So I am resolving room Wekor at tryhackme. The room says we need to use the domain "wekor.thm". So I added the domain to /etc/hosts
There is a hidden subdomain site.wekor.thm. I’ve already read the walkthrough.
When I tried to … Continue reading Gobuster doesn`t work properly
A website allocates random file names to uploads and I am trying to enumerate through the folder that the files are uploaded to using Gobuster.
I know the extension of my file type, but not the file name. Is there a way to invoke the -x fl… Continue reading How to search for any file with a specified extension using Gobuster
I’m using CrackMapExec smb in order to look for smb-enabled machines.
I got some results but it doesn’t list all the machines of the IP range and it also lists machine that have signatures enable and smb1 disabled.
What are the triggers th… Continue reading CrackMapExec doesn’t list properly [closed]
How to scan directories in a website for a word/string?
Example
https://example.com/1
https://example.com/2
https://example.com/3
https://example.com/4
https://example.com/5
And so on, until it gets to https://example.com/73 or if it … Continue reading How to scan directories in a website for a word/string [closed]
I’m playing with a webapp CTF for fun/learning. The backend is using Golang’s net/rpc library to provide frontend access to what I think are database operations. The problem is I don’t know what the exported services, and as such don’t kn… Continue reading Enumerate Golang net/rpc Port?
I’m playing with a web app CTF for fun/learning. The backend is using Golang’s net/rpc library to provide frontend access to what I think are database operations. The problem is I don’t know what the exported services are, and as such, do… Continue reading Enumerate Golang net/rpc Port?
I tried the below command using gobuster with the option ‘-x’ and tried to pass a list of extensions in a file:
gobuster dir -u TARGET_URI -w /usr/[…]/dirb/common.txt -x /usr/share/[…]/raft-small-extensions.txt
When I tried the above … Continue reading How to pass a list of extensions as a file to enumerate files/directories based on extension using gobuster? [closed]
Eepsites are similar to Tor’s hidden services, but based on the I2P anonymity network.
Named eepsites use central registrars like stats.i2p and no.i2p. Each eepsite also has a b32 domain which is a base32-encoded string that is used to con… Continue reading Is it possible to enumerate registered eepsite (I2P) subdomains?