Aymen EL Haski (Jakom)

Oct 8, 2021

Glimpse Into Web Penetration Testing

A web penetration testing example, that I did me and @Edd13Mora in our free time, for beginners to have an idea about websec. Our target is a PHP web application, which gives you great tools that you can use on XXX and XXX, such as the one that gives you…

Writeup

3 min read

Sep 19, 2021

My attempt to reverse the Discord nitro token generation function, Part 1.

The Nitro generation tools thing is common in Discord now, but none of the tools actually works, so I decided to take it to the next level, and reverse the actual tokens in hopes of finding a better way of generation. - NOTE: This is just for research, I will…

Hacking

4 min read

My attempt to reverse the Discord nitro token generation function, Part 1.

Sep 19, 2021

CVE-2019–5420

A vulnerability can allow an attacker to guess the automatically generated development mode secret token. Ruby-on-Rails when it is running in development mode. In development mode, it is possible for an attacker to guess the key used to secure the sessions. Decryption: Key Generate: Rails uses 3 environments (development,test,production), when an application uses…

Cve

2 min read

Sep 19, 2021

CVE-2018–18925

Exploitation of CVE-2018–18925 a Remote Code Execution against the Git self hosted tool: Gogs. Gogs is based on the Macaron framework. The system used to manage session is very similar to what PHP does. The session identifier in the cookie is mapped to a file on the file system. When…

Cve

3 min read