First of all, you need to add the username field in the users table. To do that, add the following in create_users_table.php $table->string('username'); Now, migrate it. php artisan migrate:refresh Add it in the User.php model in

Enumeration Checking connection: ping 10.10.10.165 Finding out more about the webserver: nmap -A 10.10.10.165 -o nmapresults.txt We see that on port 80, there's a Nostromo service running. Let's see if there's an exploit for it. Checking for

Bug Bounty Hunting Tools set up in Alpine Linux! Link to GitHub repo: https://github.com/abhizer/alpine_linux_bbht I was working with an Ubuntu docker but then decided to switch to Alpine because its light weight and minimal. And, just wanted to

Frist, download and install Docker Desktop in your computer. Once, you are done with that, you can follow the steps here to create a development environment! Setting up the Docker First pull the docker image: docker pull alpine Verify that it as been downloaded:

To pass terminal traffic through Burp, first open up Burp and then you should probably turn the Intercept off. At least, that is what I like to do. We will be using Proxychains here. So, first, let's configure it. vi /etc/proxychains.conf Go

Introduction to Technology and Hacking As we're diving deeper into this fascinating well of technology, it is very possible for us to be naive and forget about the security risks that we might face. The deeper we go, the darker it gets. With this,

A very simple recon script that uses the previous subdomains.sh script, and httprobe, waybackurls by @tomnomnom and then, uses dig to find their IP addresses. Github link: https://github.com/abhizer/recon.sh

As I am getting started with Bug Bounty hunting, I've found that subdomain enumeration is a key component to it. And, there are a lot of tools that can be used for it, each with their own pros and cons. So, I decided to

Postman is an easy marked box in HackTheBox, it just retired and here's my writeup! First, let's add the hostname postman to the hosts file so that, we don't always need to type in the IP address. vi /etc/hosts Hit i (going to

So, when I was creating my first laravel 6 app and trying to connect it to the database, I got these two errors: PDOException : SQLSTATE[HY000] [2006] MySQL server has gone away Illuminate\Database\QueryException : SQLSTATE[HY000] [2002] Connection refused (SQL: select * from information_

I had been away from laravel for a few months and today, when I decided to take a look at it again and install laravel/valet, the composer just wouldn't work. Abhizer@Abhizer > ~/Development > composer global require "laravel/valet" Changed current directory to /Users/

Say you have compromised a Windows machine that provides Active Directory Directory Services to its users and have gained access as a user who is a part of the DNSAdmins group, you can use this method to privilege escalate. Here, what we're doing is:

SwagShop is a pretty easy linux box in HackTheBox, by now, it has expired and that's why I am posting this walkthrough. This is also my first successful hack in HTB. The steps are as follows: As we don't know anything about the machine

In a normal C program, giving an input in a field where scanf() is used, the part after the space disappears. It is basically because spaces, like the return command, are used to differentiate between two different inputs. However, there is a way to

The password hashes in the /etc/shadow file is usually divided into 3 groups seperated by the symbol $. The first section, i.e. after the first $ symbol represents the hashing algorithm used. The meanings of the different values in this field are: $1 = MD5