Introduction I was watching, liveoverflow’s tutorial series on game hacking. In part 9, he developed a proxy server to intercept the game traffic. https://www.youtube.com/watch?v=iApNzWZG-10 . But i noticed a problem with his approach. He knows that the game uses the hostname master.pwn3 and game.pwn3 to connect to the game. With that…

Introduction In this writeup, i will be explaining what password reset poisoning is, and show examples on it on real life projects. Lets get started What is Password Reset Poisoning Password reset poisoning is a technique whereby an attacker manipulates a vulnerable website into generating a password reset link pointing to a domain under their control. …

I was trying to improve my static analysis code, specifically django apps, so i decided to hack a random project in github. And i found kitsune. https://github.com/mozilla/kitsune Kitsune is made by mozilla and according to them, it is what powers the support.mozilla.org So i downloaded it, and tried to hack…

While reading the code of bookwyrm, i encounter this endpoint This endpoint calls the function views.upload_cover.

As a hacker, we are asked a million times before if we can hack into their school system and change their grades. So i decided to take it a little further and actually try to research on school management systems. I picked one of the most famous free school management…

Last writeup, we talk about how to hack unity games compiled on mono. This time, we will be hacking unity games compiled in il2cpp. IL2CPP is a Unity3d technology for converting C# code to C++ code and from there native compilation for a particular platform. Unlike mono, it is harder…

Introduction Unlike native games that is made with c++/c, games made with c# are easier since c# is not compiled and the metadata are not completely lost. In this writeup, i will show you how to hack Unity Games compiled with mono, or any other games that is made with .net…

Django is a python based web framework. In this writeup, i will teach you how to analyze django based applications . For this writeup, i will be using wagtail for examples. …

This is a fairly simple and short writeup, but i think is worth sharing, so lets get started. This program is private so i will be redacting most of the information from it. Like any other website, my program has a 2fa implemented, and their implementation is pretty good too…