Manh Nguyen

Stripe CTF 2.0 (Web Edition)

10:10:42 April 30, 2024 | 5 min read | 8 comments

Stripe hosted another 'Capture the Flag' (CTF) event. They previously did one back in February 2012 which contained 6 flags - however they were back with the 'web edition' going from level 0 to level 8 covering a range of web attacks. This is how I did it.

Please …

Damn Vulnerable Web Application (DVWA)

09:22:46 April 30, 2024 | 5 min read | 8 comments

This is a SERIES of blog posts, which will all relate to one another, but will take time.

I'm publishing as I go, but will come back and edit them in places at a later date - as well as adding in videos.

Best to check back when …

DVWA - Main Login Page - Brute Force HTTP POST Form With CSRF Tokens

09:19:18 April 30, 2024 | 5 min read | 8 comments

Upon installing Damn Vulnerable Web Application (DVWA), the first screen will be the main login page. Even though technically this is not a module, why not attack it? DVWA is made up of designed exercises, one of which is a challenge, designed to be brute forced. …

DVWA - Brute Force (Low Level) - HTTP GET Form [Hydra, Patator, Burp]

15:25:59 April 29, 2024 | 5 min read | 8 comments

This post is a "how to" for the "brute force" module set to "low" level security inside of Damn Vulnerable Web Application (DVWA). There are separate posts for the medium level (time delay) and high setting (CSRF tokens). There is a related post for the login screen as …

DVWA - Brute Force (High Level) - Anti-CSRF Tokens

15:23:09 April 29, 2024 | 5 min read | 8 comments

This is the final "how to" guide which brute forces Damn Vulnerable Web Application (DVWA), this time on the high security level. It is an expansion from the "low" level (which is a straightforward HTTP GET form attack). The main login screen shares similar issues (brute force-able and …
