In this digital era, protecting personal data is becoming increasingly important, especially in Indonesia. Many internet users still use weak passwords, which can easily be exploited by cybercriminals. If you are looking for information about downloading Indonesian password wordlists, this article will discuss it, including their usage, risks, and how to protect yourself.
What Is a Password Wordlist? A password wordlist is a collection of passwords commonly used by internet users. This list is …
We often find ourselves needing to work quickly when dealing with the terminal. This is already helped by bash-completion, which allows us to type commands automatically by pressing the [TAB] key twice. However, in general the terminal also has shortcuts that help us work with Linux more easily and quickly. Below is a list of common terminal shortcuts. This list was taken from Hack The Box Academy.
Auto Completion
[TAB] - Initiates command auto completion.
Let’s get straight to the point: this machine is hard, period. When the labs were first launched there were three machines: Zombie, Hellbound, and Anonymouz. In my opinion this one is quite difficult, probably due to my lack of experience in exploitation and intuition. Until the time this write-up was written, the author still hadn’t obtained the root user flag and was stuck at www-data. Fortunately, the user flag is readable by www-data, so it can still be submitted.
Retas.io is a company from PT. Solusi Siber Teknologi that offers various security services ranging from Vulnerability Assessment, Penetration Testing, to other specialized IT and security-related needs.
Recently retas.io launched a new product called retas labs which is intended to help new players entering the Infosec world. These labs are somewhat similar to Hack The Box. By using a VPN we are required to solve challenges using our IT knowledge and skills. Not only that, they also plan to …
After a long time without creating or solving challenges due to increasingly limited free time and assignments piling up, I finally received information about a challenge from a friend in a Telegram group. This challenge was created by another community called Malang Hacker Link. The challenge is quite unique and fun to solve because no “magic tricks” are required.
From the information provided, I immediately opened the link and found a form with two fields: first name and last name. Since we …
Since this machine has already been retired and is no longer considered relevant as a challenge, I decided to write a solution explaining how to complete the VM Heaven challenge from Surabaya Hacker Link.
In fact, solving this challenge does not require special hacking tools such as sqlmap or metasploit because the challenge is relatively easy. No advanced hacking knowledge is required. As long as you are familiar with the GNU/Linux operating system and understand the basics of pwning (owning) a …
VIM - Text Editor You might already be familiar with this text editor, it’s VIM or Vi Improved. Vim is a terminal-based text editor that is very efficient and can significantly speed up work. Vim is often considered difficult because many users are not yet familiar with its default key bindings.
VIM itself has existed since 1991, and it is still widely used by developers, system administrators, and many others. VIM is also a very lightweight and fast editor that can be accessed directly …
After being busy enough that I didn’t have time to create challenges and write down how to complete these challenges on this blog, this time we will discuss a little about fail2ban and how to configure it.
Generally fail2ban is used to ban IPs that fail to authenticate up to the maximum limit stated in the configuration and this IPS is very effective in preventing attacks that will occur on the server, such as bruteforce attacks on SSH ports (22), FTP (21), SMTP (25), etc., even other …
As usual, in the Surabaya Hacker Link group there are various challenges. Not only admins create them, but members also submit challenges, and I helped deploy this one. Not only deploying it, of course I also tried solving it :3
Without further ado, we accessed the challenge at challshl.com.
Since I was involved during deployment, I had a slight idea where the bug was located. The cool term would be white box pentest, meaning testing by reading the website source code cmiiw.
First of all, Happy Eid al Fitr 1440 H, please forgive any mistakes. Nothing in this world is perfect, including this writing.
Since the launch of the BSSN program titled V2DP or Voluntary Vulnerability Disclosure Program, many people have asked in discussion forums and social media groups about how to properly write a bug report after discovering a vulnerability. Here are a few tips from me on how to write a good report.
