Blog

This article describes the solution steps for the machine named “W000PS”, which was published exclusively on the PriviaHub platform on 8 March for International Women’s Day and has since been retired. First, a scan was initiated to detect the open ports on the machine, the current services running on the open ports, and the operating […]

Sudo is a program on Linux and Unix systems that enables users to run commands with the rights of the superuser. On Linux and Unix systems, a file named sudoers exists under the /etc directory for sudo. This file is sudo’s configuration file. Through configurations made in the sudoers file, users with root rights can […]

SQL Injection is a critical security vulnerability that allows attackers to send unauthorised SQL queries to a database. Attackers who are able to exploit this vulnerability can access critical data in the database and perform operations on it such as insertion, deletion and modification. The SQL Injection vulnerability ranks first on the OWASP 2017 TOP […]

XSS (Cross-Site Scripting) is a security vulnerability that allows attackers to inject client-side code into web pages by exploiting client-based scripting languages such as HTML and JavaScript. Because XSS attacks are carried out on the client side, the actual targets of the attacks are not the web applications themselves but the users. Attackers who can […]

Nmap is one of the most advanced network scanning tools available today. Nmap is used to detect the IP addresses of devices on a network, device information, open ports, operating systems, services running on open ports, and vulnerabilities on devices. In security tests conducted against any organisation or institution, the information gathering, scanning, and enumeration […]

The main goal in penetration tests conducted against Windows systems is, after compromising one system, to take over all systems. Therefore, as the final stage of the tests, the objective is to compromise the DC (Domain Controller) server, which acts as the main server in an Active Directory Domain environment and allows systems to be […]