Fares Elsadek – Medium

Aug 22

My First Bug: How I Was Able to Bypass the WAF and Uncover a Reflected XSS

Hello everyone, I’m Fares. Today, I’ll share the story of how I successfully identified a reflected XSS vulnerability within a public bug bounty program. To begin with, I followed my usual process of uncovering subdomains, employing tools like Subfinder, assetfinder, and more. subfinder : subfinder -d $domain -all > subdomains.txt …

Xss Attack

3 min read

My First Bug: How I Was Able to Bypass the WAF and Uncover a Reflected XSS

Xss Attack

3 min read

Aug 6

HackTheBox Writeup — Two Million

This box was presented at the Hack The Box on 07 Jun 2023 by TRX & TheCyberGeek Let’s get started! Reconnaissance Run a Nmap scan that scans all ports. nmap -T4 -A -p- 10.10.11.221 We get the following result. Nmap scan report for 2million.htb (10.10.11.221) Host is up (0.16s latency). Not shown: 998…

Hacking

7 min read

Hacking

7 min read

Jun 22

HackTheBox Writeup — PC

This box was presented at the Hack The Box in May 2023 by sau123. Let’s get started! Reconnaissance Run a Nmap scan that scans all ports. nmap -A -p- -Pn -T4 10.10.11.214 We get the following result. Nmap scan report for pc.htb (10.10.11.214) Host is up (0.13s latency). Not shown: 65533 filtered tcp…

Hackthebox

6 min read

Hackthebox

6 min read