Open in app

Sign In

Write

Sign In

GrumpinouT
GrumpinouT

109 Followers

Home

About

Published in

InfoSec Write-ups

·Jun 7, 2021

Solution and explanation of tips for Intigriti’s 0521 XSS challenge — by @GrumpinouT

This month’s (May 2021) XSS challenge by Intigriti was created by me (with some additions by Inti). In this article, I will explain my solution for the challenge and the tips that were given. Recon In the application, two random numbers are given and the sum of the first number…

Xss Challenge

8 min read

Solution and explanation of tips for Intigriti’s 0521 XSS challenge — by @GrumpinouT
Solution and explanation of tips for Intigriti’s 0521 XSS challenge — by @GrumpinouT
Xss Challenge

8 min read


Published in

InfoSec Write-ups

·May 13, 2021

Upgrading XSS Hunter with a basic reverse JavaScript shell

Before you start reading this article, please keep in mind that this is a very basic reverse shell, and still needs a lot of work to get the most out of it. A few of the limitations are: Errors could occur if more the payload is active on multiple pages…

Reverse Shell

5 min read

Upgrading XSS Hunter with a basic reverse JavaScript shell
Upgrading XSS Hunter with a basic reverse JavaScript shell
Reverse Shell

5 min read


Published in

InfoSec Write-ups

·Apr 5, 2021

Weird and very easy authentication bypass found with Google dorking

In this post, I will explain how I found an authentication bypass, and further explored the functionality of the website, to increase the impact of the submission. The target had a wide scope and the main domain did not have that much functionality, so after a quick look around, I…

Authentication Bypass

3 min read

Weird and very easy authentication bypass found with Google dorking
Weird and very easy authentication bypass found with Google dorking
Authentication Bypass

3 min read


Published in

InfoSec Write-ups

·Feb 1, 2021

Intigriti’s January XSS Challenge 2021

Table of contents Introduction Explaining the code Initial ideas and method of solving The solution Introduction As always, I started with reading the rules. The goal is to alert() the following flag: {THIS_IS_THE_FLAG}. Hmm.. this is new! With the previous challenges I’ve solved the goal was to execute document.domain. …

Intigriti

9 min read

Intigriti’s January XSS Challenge
Intigriti’s January XSS Challenge
Intigriti

9 min read


Published in

InfoSec Write-ups

·Jan 21, 2021

Hacking BugPoc’s 18 Game (XSS challenge) hosted by The XXS Rat

Why does my title say “Hacking” when it’s just an XSS challenge? Because I didn’t solve the challenge, I hacked the game. When you open the challenge page, the first thing you see is this: This is a game called “18 Game” and its goal is to have three cards…

Xss Challenge

4 min read

Hacking BugPoc’s 18 Game (XSS challenge) hosted by The XXS rat
Hacking BugPoc’s 18 Game (XSS challenge) hosted by The XXS rat
Xss Challenge

4 min read


Published in

The Startup

·Jan 9, 2021

How Facebook lies about their privacy settings

While I was reading some of Inti De Ceukelaire’s old writeups, I came across “How I got your phone number through Facebook”. Facebook’s reply on his submission was that the “Who can look me up” settings are set to Public. After reading this, I decided to have a look at…

Facebook

4 min read

How Facebook lies about their privacy settings
How Facebook lies about their privacy settings
Facebook

4 min read


Published in

InfoSec Write-ups

·Dec 13, 2020

Intigriti’s December XSS Challenge 2020 (unintended solution)

As always, I started with reading the rules. The goal is to execute alert(document.domain) on the challenge-1220.intigriti.io domain. Self XSS and MiTM attacks are not in scope, and the solution should work on the latest version of Firefox and Chrome. The first thing I did was using the calculator like…

Intigriti

6 min read

Intigriti’s December XSS Challenge 2020 (unintended solution)
Intigriti’s December XSS Challenge 2020 (unintended solution)
Intigriti

6 min read


Published in

The Startup

·Nov 9, 2020

Solving Intigriti’s November XSS Challenge 2020 With the JavaScript Console.

Like you should do with every challenge, I started with reading the rules. Those were clear. The goal was to execute alert(document.domain) on the challenge-1120.intigriti.io domain, without using self-xss or MiTM attacks. The attack should work in the latest version of Chrome and Firefox. While looking at the html of…

Intigriti

5 min read

Solving Intigriti’s November XSS Challenge With the JavaScript Console.
Solving Intigriti’s November XSS Challenge With the JavaScript Console.
Intigriti

5 min read


Oct 29, 2020

Manual broken link monitoring

When I started with bug bounty hunting, I became interested in all bugs related to URLs, one of my favorite and easy to exploit / find bugs, are broken link takeovers. I have found a few since I started, but all of them were links to nonexistent social media accounts…

Broken Link

1 min read

Broken Link

1 min read


Oct 29, 2020

Internship application via broken link takeover

While I was looking at companies to do my internship at, I found a company with a link to an nonexistent Twitter account. I thought it would be original to use this takeover to apply for an internship, and immediately show them that their site has a broken link. So I created the application with a few tweets, and mailed the company to tell them to look at the twitter account linked to on their site.

Broken Link

1 min read

Broken Link

1 min read

GrumpinouT

GrumpinouT

109 Followers

Professional My Little Pony addict

Following
  • Manas Harsh

    Manas Harsh

  • d0nut

    d0nut

  • holme

    holme

  • 0xbeefed

    0xbeefed

  • mmohammed eldeeb

    mmohammed eldeeb

See all (11)

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech

Teams