0xZon

In the realm of identity management solutions, Okta stands as a beacon of trust, serving a multitude of global enterprises. With offerings like two-factor authentication (2FA) and Single Sign-On (SSO), the company caters to an impressive clientele that includes major corporations such as T-Mobile, jetBlue, Sonos, and many more. The... [Read More]

Description Server Side Request Forgery (SSRF) is a malicious web attack that enables an attacker to manipulate a server into making unintended HTTP requests to internal or external resources. In an SSRF attack, the attacker tricks the server into sending requests on their behalf, potentially accessing sensitive information or services... [Read More]

Title: Mejiro Reflected XSS Via Remote File Inclusion Risk: 6.1 Medium CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Versions Affected: Before commit 3096393 Identifier: CVE-2023-46448 Authors: Aaron Haymore [Read More]

Name PC OS PC DIFFICULTY Easy [Read More]

Enumeration In the initial phase of a penetration test, my first step is to conduct a scan using nmap. In a real-world scenario, this would start with a host discovery scan to identify machines, followed by a more detailed port scan. However, since Hack The Box already provided the machine’s... [Read More]