Popular
-
Other
[XSS Demo] I tried hacking a website in just one line!!
"I tried creating a bulletin board app that can use HTML tags!" What if a beginner engineer's work could be "taken over" with a single one-line post? This time, we use "Cross-site Scripting (XSS)," a security fundamental, as an example to see how vulnerable such apps are... -
Cyber Weapons
[CVE-2015-3306] I enumerated Samba shares, manipulated a vulnerable version of proftpd, and escalated privileges by manipulating path variables! TryHackMe Kenobi Writeup
This time, we will enumerate Samba shares, manipulate a vulnerable version of proftpd, and escalate privileges by manipulating path variables. "TryHackMe-Kenobi: https://tryhackme.com/room/kenobi" Please note that the explanation is a spoiler. Preparation First, start with "Start Machine... -
Other
[SECCON Beginners CTF 2024] WEB Writeup
It wasn't a very good result, but I participated in the SECCON Beginners CTF 2024, so I'll leave a Writeup as a memo. ssrforlfi source check The folder structure after unzipping tar.gz is as follows. $ find ./ ./ ./docker-compose.yml ./.env ./app... -
App Generation
[AI Development Tool] Vibe Coding with Lovable! Full-scale Web App Development with Supabase and AI | How to Get Started & Pricing Plans
"I want to create a more professional service, but I don't think I can write code..." For non-engineers who want to get serious about vibe coding, Lovable is the perfect development platform for the next step. Recently, there's been a lot of talk about AI-generated landing pages and UIs... -
Hacking
[Practical Guide] Hacking with RCE from SSTI Vulnerability on HackTheBox! Learn the Causes and Countermeasures of Vulnerabilities | Spookifier Writeup
Template engines are widely used in web applications to combine HTML and data to generate displays. For example, template engines are used on the backend to embed usernames, post contents, and other information into HTML. However,... -
React
Next.js + React Three Fiber + React Three XR + Variant Launch to develop a WebXR compatible AR app on iOS!
I was thinking of creating an AR app with WebXR, but the current situation is that iOS does not officially support WebXR. So, I used Variant Launch, which was also featured in the official React Three XR, to support WebXR AR on iOS as well. Does it work on iOS? WebXR fo... -
Cyber Weapons
[TryHackMe] Expanding privilege escalation using backups of history files, config files, and important files! Linux PrivEsc Writeup Part 8
This time, we will try "Elevation of privileges by misusing backups of history files, config files, and important files." The target machine is the TryHackMe room below. "TryHackMe-Linux PrivEsc: https://tryhackme.com/room/linuxprivesc" here... -
React
How to build a web app that automatically generates LPs in ChatGPT + Next.js [OpenAI API + Next.js + Tailwind CSS]
Recently, no-code AI tools like "Readdy" have been attracting attention. We are now in an age where anyone can easily use AI, but have you ever thought, "I want to incorporate AI into my services" or "I want to customize it more freely"? In this article, we will introduce the following... -
App Generation
[Full-stack AI development] My impressions after using Replit and pricing plans explained | It's great, but is it difficult for non-engineers?
"I tried making an app with an AI development tool, but I always got stuck connecting to external services..." Replit is the ideal development environment for such "Vibecoders who want to take it a step further." Recently, many AI tools have appeared that automatically generate UI and code, but... -
Hacking
[AI Security] Tricking an LLM with Prompt Injection | HackTheBox External Affairs Writeup
We live in an age where AI is acting as a proxy for human decision-making. What would happen if we could "trick" that AI just a little? This time, we took on a CTF challenge to break through an AI-run international travel screening. We used prompt injection, a technique that exploits a weakness in large language models (LLMs).
