This time I felt incredibly confident. I was no longer tripped up on what an MD5 hashsum is or SQL syntax. I was ready.
And I was ready! I completed every 'easy' and 'medium' task and half of the 'hard' and 'difficult' tasks.
Unfortunately, I didn't take any notes on this one and only remember discovering that Linux saves your bash commands. I knew about the 'history' command but didn't realize there was a whole .bash_history file saved to the user profiles.
I was glad that this time, I knew how to use URL encoding to bypass path traversal filters in Burp Suite and how to exploit an XSS vulnerability to hijack the admin session.