Summary: Identify the request encryption mechanism and successfully break it. Develop a Burp Suite plugin and Python code for decrypting and encrypting requests. Exploit the response manipulation vulnerability to escalate privileges to a super admin. Before starting the penetration testing, I gather information about the target, such as how the application…

* * * Konan challenge * * * This challenge contains login by username and OTP code First, I sent an admin in user parameter And I show the second request, it had oneparameter OTP

Kenzy challenge (Cyber wargames 2022) SQL Injection + Captcha bypass Challenge description: This login page is protected by captcha to deny any brute force attack. 1. The captcha is not fully secure 2. Login page functionality is vulnerable to Blind SQL Injection Attack vector Bypassing captcha and getting the flag from database. Steps to solve this challenge Detect SQL Injection …

Note: Since its a private program, I will call it example.com Server behavior If you send many requests, the reset password will block you with response code => 429 and response message “Too many requests”. Attempts in testing 1- Change the user-agent header’s value randomly in every request. [Failed] 2- Adding…