Open in app
Home
Notifications
Lists
Stories

Write
Aymen EL Haski (Jakom)
Aymen EL Haski (Jakom)

Home

Oct 8, 2021

Glimpse Into Web Penetration Testing

A web penetration testing example, that I did me and @Edd13Mora in our free time, for beginners to have an idea about websec. Our target is a PHP web application, which gives you great tools that you can use on XXX and XXX, such as the one that gives you…

Writeup

3 min read


Sep 19, 2021

My attempt to reverse the Discord nitro token generation function, Part 1.

The Nitro generation tools thing is common in Discord now, but none of the tools actually works, so I decided to take it to the next level, and reverse the actual tokens in hopes of finding a better way of generation. - NOTE: This is just for research, I will…

Hacking

4 min read

My attempt to reverse the Discord nitro token generation function, Part 1.
My attempt to reverse the Discord nitro token generation function, Part 1.

Sep 19, 2021

CVE-2019–5420

A vulnerability can allow an attacker to guess the automatically generated development mode secret token. Ruby-on-Rails when it is running in development mode. In development mode, it is possible for an attacker to guess the key used to secure the sessions. Decryption: Key Generate: Rails uses 3 environments (development,test,production), when an application uses…

Cve

2 min read

CVE-2019–5420
CVE-2019–5420

Sep 19, 2021

CVE-2018–18925

Exploitation of CVE-2018–18925 a Remote Code Execution against the Git self hosted tool: Gogs. Gogs is based on the Macaron framework. The system used to manage session is very similar to what PHP does. The session identifier in the cookie is mapped to a file on the file system. When…

Cve

3 min read

CVE-2018–18925
CVE-2018–18925
Aymen EL Haski (Jakom)

Aymen EL Haski (Jakom)

Web Penetration Tester

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Knowable