By far the easiest way to flash a ROM that I have come across is using SP Flash Tool.

The prerequisites for flashing a ROM are as follows:

  1. Mobile phone to flash the ROM on.
  2. PC.
  3. SP Flash tool.

Step 1: Download and install SP Flash Tool.

SmartPhone FlashTool works with MediaTek Android smartphones (MTK based).


Step 2: Download the firmware to flash.

Download the firmware, unzip it, and browse to the image folder.

There you will find the XXXX_scatter.txt file.

The file name will end in scatter.txt. …



Rooting an Android device, the latest method using Magisk Manager:

Prerequisites:

  1. fastboot installed on your desktop.
  2. Magisk Manager installed on your mobile device.
  3. Firmware of the device.

Disclaimer: Your device might get bricked in the process and the author doesn’t take any responsibility for any losses to the reader.

Step 1: Download the firmware from the official website of your mobile, corresponding to your device model.

Step 2: Go to the folder “image” and copy the “boot.img” file to the “internal Storage” of the device.

Step 3: Install the latest “Magisk Manager” application on the phone.


Hello guys, this is the walkthrough of the recently retired HackTheBox machine.

It’s an easy Linux box. So, without wasting any more time, let’s start with the writeup.


Starting with the nmap scan:



Lame is another easy box from HackTheBox, based on Linux.

This is my third writeup in the series of OSCP-like boxes.

This is the manual exploit of a retired box from “HackTheBox”.

Let’s start with our very first step: enumerating open ports using an nmap scan.



Let’s start with our first step:

Open port enumeration using a basic nmap scan.



IP of the machine: 10.10.10.40

Let’s do an nmap scan to enumerate the open ports and the services running:

Command: nmap -A 10.10.10.40



Today we’re going to solve the retired HackTheBox machine DEVEL.

Devel is a Windows machine.

Now, without wasting much time on theory, let’s get hands-on.

Step 1: nmap scan
nmap -sC -sV -vv 10.10.10.5



Today we’re going to solve Optimum, a retired machine from HackTheBox.

Optimum is a Windows machine. Without wasting any more time, let’s start with the walkthrough.

Step 1: nmap scan.



Hi friends, today we’re going to solve the recently retired HackTheBox machine named “Bastion”.

The IP address of “Bastion” is 10.10.10.134.

Now, the first step in solving any machine is enumeration.

In enumeration, too, the very first step is to find out which ports are open, what services are running, and whether a known vulnerability is already available to exploit.

Cool, let’s do an nmap scan to get the port info.

Command: nmap -sC -sV 10.10.10.134



Server Side Request Forgery (SSRF) is a type of attack that can be carried out to compromise a server. The exploitation of an SSRF vulnerability enables attackers to send requests made by the web application, often targeting internal systems behind a firewall.

In simpler, layman’s terms, the attacker asks the server to fetch a URL for them.

Let’s take the request below as an example:

GET /?url=http://malicious.com/ HTTP/1.1
Host: victim.com

In the above request, we can see the Host is “victim.com” and the GET request is taking “url” as user input.

Now, one might ask, how is this even a vulnerability?
→ This “url” parameter is based on user input and is controlled by anyone using it. If proper protection is not in place, an attacker can use this little “url” parameter to make requests to internal services, for example local IP addresses, which are not publicly accessible from the internet. …

About

Kapil Verma

Security researcher, Blogger, Bug Bounty hunter
