Aditya Telange

Cyber-Security Researcher and Developer having interests in Application-Security, *nix based Systems, Android, Reverse Engineering and Programming; loves Command Line, FOSS.

HackTheBox - Photobomb

Photobomb is a fun box on HackTheBox where we initially find hardcoded credentials in a JavaScript file, which we can use to authenticate with basic auth and access the image resizing tool. The tool has a command injection flaw that leads to a reverse shell. After getting initial access as user wizard, we see a script which can be run as root. We then abuse the redirection operator >, clobbering the /etc/passwd file to escalate our privileges by adding user wizard to group root.

February 11, 2023 · 7 min · Aditya Telange

How AOSP Security Patches are merged into Android Custom ROMs?

Learn how Android Custom ROM developers merge AOSP security patches.

January 28, 2023 · 3 min · Aditya Telange

Primer on HTTP Security Headers

What are HTTP headers? HTTP headers are a list of key-value pairs which are sent along with HTTP requests and responses. Let us take an example with the request (left) and response (right) below: In the above snapshot, we can see that we have an HTTP request being sent to Host. Along with that request/response, we see Key:Value pairs; these are HTTP headers. These look similar to YAML format. HTTP headers let the client and the server pass additional information with an HTTP request or response....

December 4, 2022 · 10 min · Aditya Telange

Image Zoom-In effect with HUGO

In this blog post we will look into how we can add a Zoom-In effect for better visibility. We will be using Markdown Render Hooks from Hugo with HTML & CSS, implementing a non-JavaScript solution. View the outcome 👇 About Markdown Render Hooks: Hugo offers really handy Markdown Render Hooks. These allow custom templates to override markdown rendering functionality. We will be using the render-image hook to process the images in the post as per our needs....

September 10, 2022 · 3 min · Aditya Telange

HackTheBox - Legacy

Legacy is a relatively easy box which has SMB running on Windows XP (2000) OS. We find the exploit with Metasploit and get access to the privileged user NT AUTHORITY\SYSTEM directly.

June 3, 2022 · 4 min · Aditya Telange