Popular
Other
[XSS Demo] I tried hacking a website in just one line!!
"I tried creating a bulletin board app that can use HTML tags!" What if a beginner engineer's work could be "taken over" with a single one-line post? This time, we will use "Cross-site Scripting (XSS)," one of the basics of security, as an example to see how vulnerable they are... -
Cyber Weapons
[CVE-2015-3306] I enumerated Samba shares, manipulated a vulnerable version of proftpd, and escalated privileges by manipulating path variables! TryHackMe Kenobi Writeup
This time, we will enumerate Samba shares, manipulate a vulnerable version of proftpd, and escalate privileges by manipulating path variables. "TryHackMe-Kenobi: https://tryhackme.com/room/kenobi" Please note that the explanation is a spoiler. Preparation First, start with "Start Machine... -
Other
[SECCON Beginners CTF 2024] WEB Writeup
It wasn't a very good result, but I participated in the SECCON Beginners CTF 2024, so I'll leave a Writeup as a memo. ssrforlfi source check The folder structure after unzipping tar.gz is as follows. $ find ./ ./ ./docker-compose.yml ./.env ./app... -
React
Next.js + React Three Fiber + React Three XR + Variant Launch to develop a WebXR compatible AR app on iOS!
I was thinking of creating an AR app with WebXR, but the current situation is that iOS does not officially support WebXR. So, I used Variant Launch, which was also featured in the official React Three XR, to support WebXR AR on iOS as well. Does it work on iOS? WebXR fo... -
App Generation
[AI Development Tool] Vibe Coding with Lovable! Full-scale Web App Development with Supabase and AI | How to Get Started & Pricing Plans
"I want to create a more professional service, but I don't think I can write code..." For non-engineers who want to get serious about vibe coding, Lovable is the perfect development platform for the next step. Recently, there's been a lot of talk about AI-generated landing pages and UIs... -
Hacking
[Practical Guide] Hacking with RCE from SSTI Vulnerability on HackTheBox! Learn the Causes and Countermeasures of Vulnerabilities | Spookifier Writeup
Template engines are widely used in web applications to combine HTML and data to generate displays. For example, template engines are used on the backend to embed usernames, post contents, and other information into HTML. However,... -
Cyber Weapons
[TryHackMe] Expanding privilege escalation using backups of history files, config files, and important files! Linux PrivEsc Writeup Part 8
This time, we will try "Elevation of privileges by misusing backups of history files, config files, and important files." The target machine is the TryHackMe room below. "TryHackMe-Linux PrivEsc: https://tryhackme.com/room/linuxprivesc" here... -
Hacking
[AI Security] Tricking an LLM with Prompt Injection | HackTheBox External Affairs Writeup
We live in an age where AI is acting as a proxy for human decision-making. What would happen if we could "trick" that AI just a little? This time, we took on a CTF challenge to break through an AI-run international travel screening. We used prompt injection, a technique that exploits a weakness in large language models (LLMs). -
Hacking
[AI Security] AI Agent Hijacking Exploiting OpenAI Function Calling: Practice and Defense Strategies Explained! HackTheBox Loyalty Survey Writeup
The evolution of AI has already gone beyond simply conversing with humans. Recent large language models (LLMs) can call external functions and APIs in response to user requests, running actual systems and services. OpenAI's Function Calling feature... -
Hacking
[AI Security] Attacking AI-Negotiated Ransomware with Prompt Injection | HackTheBox TrynaSob Ransomware Writeup
We are now in an era where AI is no longer just a "conversational partner" but can also be a tool for attackers. In recent years, even in the world of ransomware, AI negotiation bots have appeared that automate interactions with victims, streamlining ransom payments. However, the authority and information that this AI possesses...
