Hackademic

Hackoween CTF Solution

Yash — Fri, 20 Oct 2023 17:47:34 +0000

Recently, I participated in a CTF called “Hackoween”, which was from 10th October to 15th October 2023. It contained mostly web challenges, but also included a few fun OSINT challenges. Here’s the writeup for the same.

Source

BugPoC “Wacky XSS Challenge” Writeup

Yash — Wed, 11 Nov 2020 10:39:13 +0000

Hi! Hope you’re doing good. This challenge used many techniques and I learnt a lot of things from it. Thanks to BugPoC for making this challenge. Let’s get started. This was the link for the challenge: https://wacky.buggywebsite.com/. It looks like this when we open it: It contains an iframe to https://wacky.buggywebsite.com/frame.html?param=Hello,%20World! which just prints the text in the param...

Source

Adding Undo/Redo functionality to Java Swing/Burp Extension

Yash — Sat, 28 Mar 2020 08:41:16 +0000

While going through some extensions, I realized that most of them don’t have the undo and redo functionality. So after searching the internet, I have made a small function to do the same. Just call that function with the first parameter as your TextArea/TextView. Github Gist: https://gist.github.com/yashrs/e4e064f036157dbbb0675bee6d88caee Thanks for reading! Hope you learnt something new...

Source

Creating your first buffer-overflow in x64 machines

Milind Purswani — Sat, 13 Jul 2019 12:00:26 +0000

If you have no experience of Python, C/C++ or Bash, I recommend you check my previous post. Moreover, you will also learn about some basics of buffer-overflow and understand the attack that we are going to create today. Let’s get started with our 1st overflow. I will try to keep things as simple as possible. The first thing we need to do is disable Address Space Layout Randomisation (ASLR ).

Source

Getting Started with BufferOverflow in x64 machines

Milind Purswani — Mon, 01 Jul 2019 10:39:59 +0000

This is blog post will lay the foundations to buffer-overflow. I recommend you read this blog first before going to the practical session which is followed in another post. A buffer overflow, or buffer overrun, is an anomaly where a program while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations. Buffers are areas of memory set aside to hold data...

Source

How a classical XSS can lead to persistent ATO Vulnerability?

Milind Purswani — Wed, 19 Jun 2019 17:42:36 +0000

Hello Hunters, XSS (Cross Site Scripting) is really one of the most common bugs that we have found atleast once somewhere The thing that is not common is how we report it? Most of the Bug Bounty Programs asses the severity of an issue by considering the worst case impact that a particular POC can demonstrate. For instance, an e-commerce site will not consider a CSRF vulnerability, that can lead to...

Source

How I could have hijacked a victim’s YouTube notifications! (Google VRP Writeup)

Yash — Tue, 26 Mar 2019 15:21:10 +0000

Hi, So this is my first writeup, I hope you enjoy it! I was just searching around on YouTube if I could find anything but I was really tired and it was 12:30 in the night. I was poking around and I turned on my notifications on YouTube. This was the request that was going: You might guess where I am going with this! At first glance, seeing all those parameters like auth_key, p256dh_key, endpoint...

Source

Getting Started with Angular Development

Yash — Fri, 25 Jan 2019 20:15:25 +0000

Well there are 2 Angular versions: First is AngularJS and other is Angular2+. In this tutorial series we will see the power of Web Apps made by Angular and leverage it. This post will show you how to install and run your first HelloWorld App with AngularS Welcome to Angular! Angular helps you build modern applications for the web, mobile, or desktop. This guide shows you how to build and run a...

Source

Android | Enable Full screen option when loading YouTube or any video in WebView

Yash — Thu, 26 Jul 2018 18:25:34 +0000

I was developing an Android application based on 11th and 12th Std Science Practicals, Physics and Chemistry( Gujarat Board and CBSE Board), which involved showing YouTube videos inside WebView. I know that we should use YouTube Official API for the best integration, but sometimes it just wastes lots of time when we are developing apps. We need to use some quick hacks for easy solutions which work...

Source

Do cool stuff with Python | Part 2 | Get started with Anaconda and Jupyterlab

Yash — Tue, 22 May 2018 08:34:15 +0000

Have you ever wondered how to quickly parse data and get the best out of it ? Well, you are at the right page then! Without wasting any time let’s get started. If you encounter any issues while setting up, please comment and we will help you out. Download Anaconda from here. Install it. After installation, open Anaconda Navigator. It should look like this: Getting started with Python Code -> Open...

Source