Latest Entries »

The following write-up will show how we passed the web-app level in BSides Algiers CTF which was sponsored by synapse-labs.

From LFI to arbitrary command execution.



During  working on iCrack I needed to highlight syntax {{ tag }}  in Django  template  system.
One of the best IDEs is Geany cuz it has some features you will need while writing codes related to web-dev

The issue is some of these IDEs still doesn’t support Django templates, and as Geany uses Scintilla as its highlighting engine you can enable highlighting by executing the following code inside your bash :

lnxg33k@Arabpwn:~$ sed ’11i lexer.html.django=1′ /usr/share/geany/filetypes.html > ~/.config/geany/filedefs/filetypes.html

tested on Ubuntu 11.10 and geany 0.20 (built on Jul  1 2011 with GTK 2.24.5, GLib 2.29.8, GIO)

View full article »

View full article »

i followed corelan tutorials for BOF exploitation (Which are awesome ) so i will convert it into videos and i will use Python instead of Perl

the fisrt tut about a vulnerability in Easy RM to MP3 Conversion Utility
which was reported by Crazy_Hacker with a POC (SP2 ENG) doesn’t work for me

View full article »

View full article »

View full article »

Video: DVWA Stored XSS via SET

“exploiting stored XSS on DVWA via SET


View full article »

SQLmap with –cookie flag and –string too!!”


View full article »

Scripts: idecoder ver. 0.5

idecoder ver. 0.5″


View full article »