Popular
-
![[XSS Demo] I tried hacking a website in just one line!!](data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==)
[XSS Demo] I tried hacking a website in just one line!!
"I tried creating a bulletin board app that can use HTML tags!" What if a work by a beginner engineer would be "taken over" with just one line post? This time, we will be using an example of "Cross-site Scripting (XSS)," which is the basics of security, to see how vulnerable they are... -
[CVE-2015-3306] I enumerated the shared Samba, manipulate a vulnerable version of proftpd, and escalated privileges by manipulating path variables! TryHackMe Kenobi Writeup
This time, we will enumerate shared Samba, manipulate vulnerable versions of proftpd, and escalate privileges by manipulating path variables. "TryHackMe-Kenobi: https://tryhackme.com/room/kenobi" Please note that the explanation is a spoiler. Preparation First, start with "Start Machine... -
[SECCON Beginners CTF 2024] WEB Writeup
It wasn't a very good result, but I participated in the SECCON Beginners CTF 2024, so I'll leave a Writeup as a memo. ssrforlfi source check The folder structure after unzipping tar.gz is as follows. $ find ./ ./ ./docker-compose.yml ./.env ./app... -
Next.js + React Three Fiber + React Three XR + Variant Launch to develop a WebXR compatible AR app on iOS!
I was thinking of creating an AR app with WebXR, but the current situation is that iOS does not officially support WebXR. So, I used Variant Launch, which was also featured in the official React Three XR, to support WebXR AR on iOS as well. Does it work on iOS?WebXR fo... -
[AI Development Tool] Vibe Coding with Lovable! Full-scale Web App Development with Supabase and AI | How to Get Started & Pricing Plans
"I want to create a more professional service, but I don't think I can write code..." For non-engineers who want to get serious about vibe coding, Lovable is the perfect development platform for the next step. Recently, there's been a lot of talk about AI-generated landing pages and UIs... -
[Practical Guide] Hacking with RCE from SSTI Vulnerability on HackTheBox! Learn the Causes and Countermeasures of Vulnerabilities | Spookifier Writeup
Template engines are widely used in web applications to combine HTML and data to generate displays. For example, template engines are used on the backend to embed usernames, post contents, and other information into HTML. However,... -
[Full-stack AI development] My impressions after using Replit and pricing plans explained | It's great, but is it difficult for non-engineers?
"I tried making an app with an AI development tool, but I always got stuck connecting to external services..." Replit is the ideal development environment for such "Vibecoders who want to take it a step further." Recently, many AI tools have appeared that automatically generate UI and code, but... -
Create.xyz is the best! No API key required, AI app development and mobile app development can be completed with Vibe Coding | How to get started & pricing plan explanation
"I have an idea, but I don't think I can develop an app..." For non-engineers who want to create web or mobile apps, create.xyz is a dream development platform. Recently, there have been many apps that generate UIs in natural language and suggest code snippets... -
I tried creating a chatbot using the OpenAI API [Next.js + Tailwind CSS]
Recently, more and more people are using OpenAI's API to create their own chatbots and business assistants. This article shows you how to build a simple and easy to customize chat UI using Next.js (App Router) and Tailwind CSS. OpenAI chat... -
[TryHackMe] Expanding privilege escalation using backups of history files, config files, and important files! Linux PrivEsc Writeup Part 8
This time, we will try "Elevation of privileges by misusing backups of history files, config files, and important files." The target machine uses the Room below of TryHackMe. "TryHackMe-Linux PrivEsc: https://tryhackme.com/room/linuxprivesc" here...
![[XSS Demo] I tried hacking a website in just one line!!](https://hack-lab-256.com/wp-content/uploads/2025/07/hack-lab-256-samnail-23-1024x576.jpg)
![[CVE-2015-3306] I enumerated the shared Samba, manipulate a vulnerable version of proftpd, and escalated privileges by manipulating path variables! TryHackMe Kenobi Writeup](https://hack-lab-256.com/wp-content/uploads/2023/08/hack-lab-256-samnail-2-1024x576.jpg)
![[AI Development Tool] Vibe Coding with Lovable! Full-scale Web App Development with Supabase and AI | How to Get Started & Pricing Plans](https://hack-lab-256.com/wp-content/uploads/2025/08/hack-lab-256-samnail-35-1024x576.jpg)
![[Practical Guide] Hacking with RCE from SSTI Vulnerability on HackTheBox! Learn the Causes and Countermeasures of Vulnerabilities | Spookifier Writeup](https://hack-lab-256.com/wp-content/uploads/2025/08/hack-lab-256-samnail-28-1024x576.jpg)
![[Full-stack AI development] My impressions after using Replit and pricing plans explained | It's great, but is it difficult for non-engineers?](https://hack-lab-256.com/wp-content/uploads/2025/08/hack-lab-256-samnail-41-1024x576.jpg)
![I tried creating a chatbot using the OpenAI API [Next.js + Tailwind CSS]](https://hack-lab-256.com/wp-content/uploads/2025/07/hack-lab-256-samnail-25-1024x576.jpg)
![[TryHackMe] Expanding privilege escalation using backups of history files, config files, and important files! Linux PrivEsc Writeup Part 8](https://hack-lab-256.com/wp-content/uploads/2023/04/hack-lab-256-samnail-14-1024x576.jpg)