Homepage on Aditya Telange

One Year with evil-winrm-py - A Retrospective

Mon, 13 Apr 2026 00:00:00 +0530

A retrospective on the development and impact of evil-winrm-py, a Python implementation of the popular evil-winrm tool for Windows Remote Management.

Bypassing LinkedIn's Connection Privacy with a Simple Search Filter

Mon, 26 Jan 2026 00:40:00 +0530

Discover how a simple manipulation of LinkedIn's search filters allowed access to private connection lists, highlighting the importance of robust access controls.

Making Dynamic Instrumentation Accessible with Frida UI

Thu, 15 Jan 2026 00:00:00 +0530

A developer-friendly mobile-dashboard for Frida to speed up your Android and iOS dynamic instrumentation workflow.

Breaking Payload Encryption in Web Applications

Sat, 27 Sep 2025 23:59:52 +0530

A deep dive into techniques for breaking payload encryption in web applications, including common vulnerabilities and tools used.

HackTheBox (HTB) - Escape

Sun, 06 Jul 2025 19:50:00 +0530

Escape is a medium-difficulty Windows machine on Hack The Box that revolves around Active Directory. The initial foothold is gained by finding credentials in a PDF file on an open SMB share. This access is then leveraged to connect to an MSSQL service, from which we capture and crack the NTLM hash of a service account. Lateral movement is achieved by discovering another user’s credentials in a log file. Finally, privilege escalation to Administrator is accomplished by exploiting a misconfiguration in Active Directory Certificate Services (ADCS), specifically the ESC1 vulnerability.

HackTheBox (HTB) - Resolute

Sun, 29 Jun 2025 19:00:00 +0530

Resolute is a medium-difficulty Windows machine on HackTheBox that involves a realistic Active Directory penetration test. The initial foothold is gained by enumerating domain users via a null SMB session and discovering a default password in a user’s description, which is then reused to gain access as another user via WinRM. Lateral movement is achieved by discovering cleartext credentials for a more privileged user within PowerShell transcripts. Finally, privilege escalation to SYSTEM is accomplished by abusing the permissions of the DnsAdmins group to load a malicious DLL.

HackTheBox (HTB) - Certified

Thu, 20 Mar 2025 20:40:31 +0530

Certified is a Windows machine having misconfigured ACL in Active Directory environment where initial access for a low-privileged user judith.mader is provided. Exploitation of the Active Directory Certificate Service (ADCS) is required to get access to the management_svc, ca_operator and Administrator account by abusing shadow credentials and ESC9.

State of VMWare Workstation (Pro?) on Linux

Mon, 24 Jun 2024 22:38:44 +0530

VMWare Workstation is a popular virtualization software that was recently made available for free personal use after VMWare was acquired by Broadcom. This is an excellent move by Broadcom, as it will help many users to utilize this software for free for personal use and learning purposes.

I have been using VMWare Workstation on Linux for a while now and I have to say that it is a great piece of software. It is very easy to use, is extremely fast, and has a lot of features that make it a great choice for virtualization on Linux.

Android App Security Testing Lab with MobSleuth

Sun, 16 Jun 2024 19:32:45 +0530

Setting up a virtual lab for Android App security assessments.

Android phone as a Webcam on Linux

Sat, 17 Feb 2024 19:10:11 +0530

Learn how to set up a virtual webcam on Linux using your Android device’s cameras using scrcpy.

Breaking down Reverse shell commands

Sun, 07 May 2023 19:27:11 +0530

In pentesting assessments and CTFs we always need reverse shells to execute commands on target machine once we have exploited a system and have a command injection at some point in our engagement.

For that we have an awesome project: revshells.com or reverse-shell-generator where we have a ton of reverse shell payloads listed. This blog post tries to explain their working.

Note: I’ll be breaking down all of them, but not all at once. If you have any comments/feedback let me know in the comments section.

HackTheBox (HTB) - Photobomb

Sat, 11 Feb 2023 21:40:09 +0530

Photobomb is a fun box on Hackthebox where we initially get hardcoded credentials in a Javascript file, which we can use to authenticate with basic auth to access the image resizing tool, which has command injection leading to us getting a reverse shell. After getting initial access as user wizard, we see a cleanup.sh script which can be run as root. We then abuse the redirection operator > clobbering the /etc/passwd file to escalate our privileges by adding user wizard to group root.

Merging AOSP Security Patches into Custom ROMs

Sat, 28 Jan 2023 18:01:22 +0530

Learn how Android custom ROMs integrate AOSP security patches. Step-by-step guide to merging patches for a secure and up-to-date custom ROM.

Primer on HTTP Security Headers

Sun, 04 Dec 2022 04:11:01 +0530

Learn about HTTP security headers and how to configure them for securing web applications.

Image Zoom-In effect with HUGO

Sat, 10 Sep 2022 00:00:00 +0530

Adding a Zoom-In effect to post image for websites built with Hugo.

HackTheBox (HTB) - Legacy

Fri, 03 Jun 2022 22:15:51 +0530

Legacy is a relatively easy box which has SMB running on Windows XP(2000) OS. We find the exploit with metasploit and get access to priviledged user NT AUTHORITY\SYSTEM directly.

HackTheBox (HTB) - Lame

Fri, 03 Jun 2022 19:27:57 +0530

Lame is the 1st box on HackTheBox which requires only one exploit in Samba to obtain root access. We also explore other ways during we reach to superuser’s shell.

Cryptohack - Keyed Permutations [5 pts]

Fri, 20 May 2022 00:00:00 +0530

Problem

AES, like all good block ciphers, performs a “keyed permutation”. This means that it maps every possible input block to a unique output block, with a key determining which permutation to perform.

Cryptohack - Resisting Bruteforce [10 pts]

Fri, 20 May 2022 00:00:00 +0530

Problem

If a block cipher is secure, there should be no way for an attacker to distinguish the output of AES from a random permutation of bits. Furthermore, there should be no better way to undo the permutation than simply bruteforcing every possible key. That’s why academics consider a cipher theoretically “broken” if they can find an attack that takes fewer steps to perform than bruteforcing the key, even if that attack is practically infeasible.

Cryptohack - RSA Starter 1 [10 pts]

Fri, 20 May 2022 00:00:00 +0530

Problem

All operations in RSA involve modular exponentiation.

Modular exponentiation is an operation that is used extensively in cryptography and is normally written like: 2¹⁰ mod 17

You can think of this as raising some number to a certain power (2¹⁰ = 1024), and then taking the remainder of the division by some other number (1024 mod 17 = 4). In Python there’s a built-in operator for performing this operation: pow(base, exponent, modulus)

Cryptohack - Base64 [10 pts]

Tue, 03 May 2022 00:00:00 +0530

Problem

Another common encoding scheme is Base64, which allows us to represent binary data as an ASCII string using 64 characters. One character of a Base64 string encodes 6 bits, and so 4 characters of Base64 encode three 8-bit bytes.

Base64 is most commonly used online, so binary data such as images can be easily included into HTML or CSS files.

Cryptohack - Bytes and Big Integers [10 pts]

Tue, 03 May 2022 00:00:00 +0530

Problem

Cryptosystems like RSA works on numbers, but messages are made up of characters. How should we convert our messages into numbers so that mathematical operations can be applied?

The most common way is to take the ordinal bytes of the message, convert them into hexadecimal, and concatenate. This can be interpreted as a base-16 number, and also represented in base-10.

Cryptohack - Hex [5 pts]

Tue, 03 May 2022 00:00:00 +0530

Problem

When we encrypt something the resulting ciphertext commonly has bytes which are not printable ASCII characters. If we want to share our encrypted data, it’s common to encode it into something more user-friendly and portable across different systems.

Included below is a flag encoded as a hex string. Decode this back into bytes to get the flag.

63727970746f7b596f755f77696c6c5f62655f776f726b696e675f776974685f6865785f737472696e67735f615f6c6f747d

Solution

Python:

Cryptohack- XOR Starter [10 pts]

Tue, 03 May 2022 00:00:00 +0530

Problem

XOR is a bitwise operator which returns 0 if the bits are the same, and 1 otherwise. In textbooks the XOR operator is denoted by ⊕, but in most challenges and programming languages you will see the caret ^ used instead.

A	B	Output
0	0	0
0	1	1
1	0	1
1	1	0

For longer binary numbers we XOR bit by bit: 0110 ^ 1010 = 1100. We can XOR integers by first converting the integer from decimal to binary. We can XOR strings by first converting each character to the integer representing the Unicode character.

HackTheBox (HTB) - Horizontall

Sat, 05 Feb 2022 22:27:57 +0530

Horizontall is a fun box which has an API, vulnerable to Improper Access Control and RCE. The box is running a laravel service which is vulnerable to RCE which lets us run commanad as root.

HackTheBox (HTB) - Forge

Sat, 22 Jan 2022 21:27:29 +0530

Box Info

Name: Forge
OS: Linux
Difficulty: Medium
IP: 10.10.11.111
Points: 30
Machine Creator: NoobHacker9999

Introduction

Forge is a fun box on Hackthebox that has a File Upload functionality which is vulnerable to SSRF. This exposes the internal Admin panel and lets us read files with internal FTP service, which includes SSH key pair of the user.

Listing the available commands we can run as a superuser, we have a python script which opens a socket connection. This calls PDB with an exception occurs, with which we get a shell as root.

HackTheBox (HTB) - Previse

Sat, 08 Jan 2022 20:35:33 +0530

Previse is a fun Linux box on HackTheBox that has insecure redirect implementation which leaks information on the page. This can then be used to create a new user in the application and get access to backup.zip of it. Backup revels that there is a command injection vulnerability present in the logs fetching feature, which gets us a basic shell. We have a MySQL server running inside the box which has reused credenrials from the backup.zip. We get hashed/salted credentials inside this database and crack it by writing a custom PHP script. We again have a username and password reuse for a SSH user, which gives us a user shell. Listing sudo privilegs we get to know there is a script which we can run as root, that does not mention absolute $PATH for a command being used. Thus can be overriden by $PATH variable set by current USER.

HackTheBox (HTB) - BountyHunter

Sat, 20 Nov 2021 20:55:26 +0530

BountyHunter is a fun Linux box on HackTheBox that has XXE injection on a PHP form, which exposes DB credentials. This DB credential is reused as a password for a user on the box. The box also has an internal python3 script which could be run as elevated privileges. This script uses eval by which we get command injection, which leads to superuser access to this box.

HackTheBox (HTB) - Explore

Sat, 30 Oct 2021 20:37:29 +0530

Explore is a fun Android box that has an Open Port Vulnerability because of a popular file manager application. This box also has ADB over TCP/IP open over port 5555 which leads to obtaining root privileges.

HackTheBox (HTB) - Cap

Sat, 02 Oct 2021 00:00:00 +0530

Cap is a fun box where we find a flask web app which lets us download network log, where we find FTP and SSH credentials for user nathan. The box has python which has capability to set UIDs, which lets us access roots shell, when UID is set to 0.

HackTheBox (HTB) - Pit

Sat, 25 Sep 2021 00:00:00 +0530

Pit is a fun box where SNMP Data reveals that seeddms instance is running, which is vulnerable to RCE. The box has CentOS’s Cockpit Web Console on port 9090, which uses reused password from DB credentials. This gives access to user shell. LinPeas reveals there is a monitoring service, which runs bash scripts in a particular directory. Chaining this with SNMPwalk gives us root.

HackTheBox (HTB) - Knife

Sat, 28 Aug 2021 00:00:00 +0530

Knife is a fun box which uses a PHP version having backdoor, which leads to RCE. The box has a command named knife which lets non-superusers run commanad as root.

HackTheBox (HTB) - Love

Sat, 07 Aug 2021 00:00:00 +0530

Love is a fun box where we find a hidden subdomain that helps us retrieve Forbidden pages, where admin credentials are leaked of another service. The access to the admin dashboard has a file upload, through which we get a reverse shell. The box then has AlwaysInstallElevated that allows a regular user to install a Microsoft Windows Installer Package (MSI) with system privileges, which helps us get the Administrator access.

HackTheBox (HTB) - Tenet

Sat, 12 Jun 2021 00:00:00 +0530

Tenet is a fun box where we find a backup of a staging PHP file which loads external code via deserialization, which leads to code-execution and a reverse shell. This leads to access to a script which the non-sudoer user can run to add ssh-key for getting root shell.

HackTheBox (HTB) - Ready

Sat, 15 May 2021 00:00:00 +0530

Ready is a fun box which is using an outdated GitLab community version. Which apparently has an exploit which gives RCE to authenticated users. This RCE gives access to docker container in which gitlab instance is running, and we have to breakout the container to escalate our privilages to get own root!

Watermarking images with HUGO

Sat, 24 Apr 2021 00:00:00 +0530

Watermarking images in Hugo with your logo/text for copyright protection and marketing of digital works.

My Github Project went viral!

Tue, 16 Feb 2021 00:00:00 +0530

Hugo-PaperMod is a side-project of mine, which is a Hugo Theme. I started modifying/optimizing this initially for my personal website but later decided to post it publicly on Hugo Themes. It is a modded version of Theme Paper.

For a brief overview, PaperMod is a blazing fast, clean and responsive theme with powerful SEO, and good documentation. And this on which this website is also themed upon 😉

Cryptohack - ASCII [5 pts]

Thu, 04 Feb 2021 00:00:00 +0530

Problem

ASCII is a 7-bit encoding standard which allows the representation of text using the integers 0-127.

Using the below integer array, convert the numbers to their corresponding ASCII characters to obtain a flag.

[99, 114, 121, 112, 116, 111, 123, 65, 83, 67, 73, 73, 95, 112, 114, 49, 110, 116, 52, 98, 108, 51, 125]

Solution

Python:

Cryptohack - Finding Flags [2 pts]

Wed, 03 Feb 2021 00:00:00 +0530

Problem

Each challenge is designed to help introduce you to a new piece of cryptography. Solving a challenge will require you to find a “flag”.

These flags will usually be in the format crypto{y0ur_f1rst_fl4g}. The flag format helps you verify that you found the correct solution.

Try submitting this into the form below to solve your first challenge.

Solution

Solution is given in problem XD

Cryptohack - Great Snakes [3 pts]

Wed, 03 Feb 2021 00:00:00 +0530

Problem

Modern cryptography involves code, and code involves coding. CryptoHack provides a good opportunity to sharpen your skills.

Of all modern programming languages, Python 3 stands out as ideal for quickly writing cryptographic scripts and attacks. For more information about why we think Python is so great for this, please see the FAQ.

Run the attached Python script and it will output your flag.

Cryptohack - JWT Sessions [10 pts]

Wed, 03 Feb 2021 00:00:00 +0530

Problem

The traditional way to store sessions is with session ID cookies. After you login to a website, a session object is created for you on the backend (the server), and your browser (the client) is given a cookie which identifies that object. As you make requests to the site, your browser automatically sends the session ID cookie to the backend server, which uses that ID to find your session in its own memory and thus authorise you to perform actions.

Cryptohack - Network Attacks [5 pts]

Wed, 03 Feb 2021 00:00:00 +0530

Problem

Several of the challenges are dynamic and require you to talk to our challenge servers over the network. This allows you to perform man-in-the-middle attacks on people trying to communicate, or directly attack a vulnerable service. To keep things consistent, our interactive servers always send and receive JSON objects.

Python makes such network communication easy with the telnetlib module. Conveniently, it’s part of Python’s standard library, so let’s use it for now.

Cryptohack - Token Appreciation [5 pts]

Wed, 03 Feb 2021 00:00:00 +0530

Problem

JavaScript Object Signing and Encryption (JOSE) is a framework specifying ways to securely transmit information on the internet. It’s most well-known for JSON Web Tokens (JWTs), which are used to authorise yourself on a website or application. JWTs typically do this by storing your “login session” in your browser after you have authenticated yourself by entering your username and password. In other words, the website gives you a JWT that contains your user ID, and can be presented to the site to prove who you are without logging in again. JWTs look like this:

CAF's Android for MSM

Mon, 02 Nov 2020 00:00:00 +0530

The Introduction to what CAF is w.r.t AOSP development

Basic Website Analytics with Vercel

Thu, 01 Oct 2020 14:35:11 +0000

Using Vercel’s Built-in HTTP Headers to get Usage Analytics with help of Serverless API

Github Actions as Temporary File Sharing Platform

Sat, 26 Sep 2020 13:20:44 +0000

Using Github’s workflow actions to set-up a High Speed Temporary File Sharing Platform

Addition of prebuilt APK - AOSP Rom Development

Sun, 14 Jun 2020 00:00:00 +0000

Sometimes we need to add some pre-built apk in our build because the source isn’t available or it is more easy to just pull the binaries from, and add it to our build.This post says how to do it.

External Link With target='_blank' in Hugo Markdown

Wed, 03 Jun 2020 18:16:38 +0000

Intro

Many a times we need to open some External Link in New Tab for the convenience of the Visitor . In Hugo there is no default method for this. All we have in Hugo is relref for Internal sites. :/

Implementaion

Hugo offers a way to render using a predefined template to Markdown(.md) with the help of Shortcodes. We can create such a shortcode for *Creating an Exeternal link with with target='_blank'.

Setting Up Build Environment - AOSP Rom Development

Fri, 17 Apr 2020 00:00:00 +0530

AOSP requires some dependencies and libraries in-order to build properly. This post explains how to set that up

Getting Started - AOSP Rom Development

Mon, 13 Apr 2020 00:00:00 +0000

The Introduction to what AOSP is

Using Secure HTTP Headers with Vercel/Zeit

Tue, 07 Jan 2020 13:16:38 +0000

About Secure HTTP Headers with a guide to adding it to Vercel/Zeit deployments

About Me