[zero code] LFI and Arbitrary file download exploits on Mth3l3m3nt Framework

Categories
LFI, OWASP Mth3l3m3nt, pentest, Web Attacks

This simple post will take you through the process of adding an arbitrary file download exploit to mth3l3m3nt; so yes, no excuse to not have a working PoC for LFI or arbitrary file downloads because “I can’t code”. We will use the case of WordPress Plugin Membership Simplified v1.58 – Arbitrary File Download whose process of coming […]

John The Troll (CTF – Africahackon) – Key 2

Categories
Crypto Stuff, ctf, OS, pentest, Uncategorized, Web Attacks

After the previous article we got the first key. Now, for the second key, we needed to move a notch higher into the system. We had a loot.dic, so the best option, seeing we only have the web application facing us so far, would be bruteforcing it.

root@mth3l3m3nt:~# wpscan -u http://192.168.238.101/ -U hacker123 -w ~/loot.dic […]