webshells - Tacos and Security

Tacos and Security

Sign in Subscribe

webshells

A collection of 3 posts

Remembering Input Validation and Error Handling

As you may know, I've been working on a script that has a working title of EZShellz, or something to that effect. It's not totally official, but it seems to be sticking at this point, so that may become its permanent name. Anyway, I've been working on it a bit

Bypassing File Upload Restrictions with Magic Byte and a Hex Editor

This is a pretty cool, but easy, trick I learned today when working on a challenge. We've talked a bit about Magic Byte in the past when we did Networked on HTB [https://danielxblack.ghost.io/hack-the-box-networked/]. Basically, it's a string that indicates a file type. You can check out

Cool new trick I learned to transfer files to Windows boxes

My buddy Julian and I are both on the road to OSCP. We've been setting up study sessions where we attack boxes from TJ Null's list of OSCP-like boxes [https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#] . It's a live list that's always growing. Worth checking out if