rashahacks: Hacker's Blog Station

Sign in Subscribe

Writeups For Hackers By Hackers

Featured articles

jsmon-cli - Enhanced Security Tooling for JavaScript (jsmon.sh)

jsmon-cli - Enhanced Security Tooling for JavaScript (jsmon.sh)

How I Got Multiple Privilege Escalations - The Easy Trick?

How I Got Multiple Privilege Escalations - The Easy Trick?

Soft Deletion of Resources - [Privacy Violation]

Soft Deletion of Resources - [Privacy Violation]

Binary Exploitation: 64-bit Buffer Overflow Attack

Binary Exploitation: 64-bit Buffer Overflow Attack

API Excessive Data Exposure: Why Devs? Why?

API Excessive Data Exposure: Why Devs? Why?

Bypassing Okta SSO=> HTTPS/HTTP

Bypassing Okta SSO=> HTTPS/HTTP

Pwning Admin Panel To Change Movie Ticket Prices at Disney

Pwning Admin Panel To Change Movie Ticket Prices at Disney

Slides: GraphQL Hacking

Slides: GraphQL Hacking

Changing Others Profile Pic with IDOR

[1->2->3] or [2->3]: Bypassing Authentication Barriers

[1->2->3] or [2->3]: Bypassing Authentication Barriers

Why Shift to Manual Hacking?

Why Shift to Manual Hacking?

Writeup: Delete Replies on LinkedIn Learning

Writeup: Delete Replies on LinkedIn Learning

Guide to Parameter Enumeration

Guide to Parameter Enumeration

ffuf - Fuzz The Web

ffuf - Fuzz The Web

Puredns - Bruteforce Domains

How do I approach exploiting access control bugs?

How do I approach exploiting access control bugs?

Exposing Users Table From a Leaky GraphQL Query

Exposing Users Table From a Leaky GraphQL Query

Hacking GraphQL API Using Suggestions

Hacking GraphQL API Using Suggestions

Phases of Hacking

Phases of Hacking

Guide to Permutations Subdomain Enumeration

Guide to Permutations Subdomain Enumeration

Setting up Vulnerable REST API Penetration Testing Lab

Setting up Vulnerable REST API Penetration Testing Lab

How do I enumerate more root domain names than others?

How do I enumerate more root domain names than others?

Securing Smart Contracts: The extcodesize Pitfall

Securing Smart Contracts: The extcodesize Pitfall

Cheatsheet - 15 Methods to Bypass 2FA Mechanism

Cheatsheet - 15 Methods to Bypass 2FA Mechanism

How I fuzz and hack APIs?

How I fuzz and hack APIs?

How I Pwned 10 Admin Panels and got rewarded 8000$+?

How I Pwned 10 Admin Panels and got rewarded 8000$+?

Guide to Password Cracking

Guide to Password Cracking

Exploiting GraphQL Aliases

Exploiting GraphQL Aliases

Reverse Whois - Increase Attack Surface Area

Reverse Whois - Increase Attack Surface Area

My Favourite 10 Shodan Dorks

My Favourite 10 Shodan Dorks

OpenAdmin(Linux-based) Machine Walkthrough HTB

Password Vulnerabilities: How to Prevent Them from Happening?

Password Vulnerabilities: How to Prevent Them from Happening?

Privacy Violation In Chat System

Privacy Violation In Chat System

Change Any User Profile Details On Disney

Ethical Hacking Roadmap and Resources

Ethical Hacking Roadmap and Resources

Aug

28

jsmon-cli - Enhanced Security Tooling for JavaScript (jsmon.sh)

4 min read

Feb

13

How I Got Multiple Privilege Escalations - The Easy Trick?

2 min read

Nov

24

Discovering private chats between users and the support team

5 min read

Oct

13

Android Hacking: The libwebp Vulnerability (zero-day/zero-click)

4 min read

Oct

13

Soft Deletion of Resources - [Privacy Violation]

3 min read

Sep

23

Binary Exploitation: 64-bit Buffer Overflow Attack

8 min read

Aug

25

API Excessive Data Exposure: Why Devs? Why?

1 min read

Aug

10

5500$ Bug Story - Ezzy 2FA Bypass

1 min read

Jun

30

Default OTP: Account Takeover

1 min read

Jun

24

Unmasking Scammers

4 min read

Jun

20

Bypassing Okta SSO=> HTTPS/HTTP

1 min read

Jun

14

Pwning Admin Panel To Change Movie Ticket Prices at Disney

1 min read

May

31

The Impact of XSS on SEO and Website Reputation: Strategies for Recovery and Prevention

3 min read

May

28

Slides: GraphQL Hacking

3 min read

May

27

Changing Others Profile Pic with IDOR

2 min read

May

23

[1->2->3] or [2->3]: Bypassing Authentication Barriers

3 min read

Apr

25

Tools for reconnaissance and footprinting

4 min read

Apr

17

Why Shift to Manual Hacking?

4 min read

Apr

12

Writeup: Delete Replies on LinkedIn Learning

2 min read

Apr

04

Guide to Parameter Enumeration

5 min read