TwitterFacebook

Art Of Code

Software and Data Science

writeups, ctf, overthewire, bandit

Bandit Level 2 → Level 3

Bandit3 is the fourth level of the OverTheWire Bandit wargame. In this level, we will learn how to handle filenames with spaces in them and how to read the contents of a file with a space in its name. By completing this level, we will gain access to the password for the next level.
Christian Páez
Christian Páez
1 min read
writeups, ctf, overthewire, bandit

Bandit Level 1 → Level 2

Bandit2 is the third level of the OverTheWire Bandit wargame. In this level, we will learn how to handle special characters in filenames and how to read the contents of a file that has a hyphen in its name. By completing this level, we will gain access to the password for the next level.
Christian Páez
Christian Páez
1 min read
writeups, bandit, ctf, overthewire

Bandit Level 0 → Level 1

Bandit Level 0 → Level 1 is the second level of the OverTheWire Bandit wargame. In this level, we will learn how to use the "find" command to search for files and how to use the "cat" command to read the contents of a file.
Christian Páez
Christian Páez
1 min read
writeups, overthewire, bandit, ctf

Bandit Level 0

Bandit0 is the first level of the OverTheWire Bandit wargame. In this level, we will learn how to use SSH to connect to the remote server and gain access to the password for the next level.
Christian Páez
Christian Páez
1 min read
portswigger, writeups, cors, web

Portswigger’s lab write up: CORS vulnerability with trusted null origin

In this apprentice-level lab, we will exploit a website with a CORS vulnerability that trusts the “null” origin to obtain a user’s private credentials.
Christian Páez
Christian Páez
2 min read
writeups, portswigger, web, cors

Portswigger’s lab write up: CORS vulnerability with basic origin reflection

In this apprentice-level lab, we will exploit a website with a basic CORS vulnerability to obtain a user’s private credentials.
Christian Páez
Christian Páez
2 min read
writeups, portswigger, web, clickjacking

Portswigger’s lab write up: Clickjacking with a frame buster script

In this apprentice level lab, we will exploit the change email flow from a website vulnerable to clickjacking via URL parameters, even though there is a frame buster script enabled.
Christian Páez
Christian Páez
3 min read
blog, datascience

Who will win the 2022 Brazilian Presidential Election?, according to statistics.

Many news outlets have run opinion polls on presidential candidates for the Brazilian 2022 election; what does this data tell us about a possible winner?.
Christian Páez
Christian Páez
1 min read
Projects

2022 Brazilian Election Forecast

Luiz Inácio Lula da Silva has a 96% chance of winning the 2022 presidential election(Second Round).
Christian Páez
Christian Páez
1 min read
writeups, portswigger, web, clickjacking

Portswigger’s lab write up: Clickjacking with form input data prefilled from a URL parameter

In this apprentice level lab, we will exploit the change email flow from a website vulnerable to clickjacking due to form filling via url parameters.
Christian Páez
Christian Páez
2 min read
writeups, portswigger, web, clickjacking

Portswigger’s lab write up: Basic clickjacking with CSRF token protection

In this apprentice level lab, we will exploit the delete account flow from a website vulnerable to clickjacking even though there is some CSRF token protection present.
Christian Páez
Christian Páez
2 min read
writeups, portswigger, web, csrf

Portswigger’s lab write up: CSRF vulnerability with no defenses

In this apprentice-level lab, we will exploit a site that contains a CSRF vulnerability in its email change functionality.
Christian Páez
Christian Páez
2 min read