Ardi Jonias Fortuna - Welcome to my blog

Completion of Malang Hacker Link Challenges

After a long time without creating or solving challenges due to increasingly limited free time and assignments piling up, I finally received information about a challenge from a friend in a Telegram group. This challenge was created by another community called Malang Hacker Link. The challenge is quite unique and fun to solve because no “magic tricks” are required. From the information provided, I immediately opened the link and found a form with two fields: first name and last name. Since we …
Write up of Challenges Surabaya Hacker Link VM Heaven

Since this machine has already been retired and is no longer considered relevant as a challenge, I decided to write a solution explaining how to complete the VM Heaven challenge from Surabaya Hacker Link. In fact, solving this challenge does not require special hacking tools such as sqlmap or metasploit because the challenge is relatively easy. No advanced hacking knowledge is required. As long as you are familiar with the GNU/Linux operating system and understand the basics of pwning (owning) a …
My Daily VIM

VIM - Text Editor. You might already be familiar with this text editor: it’s VIM, or Vi Improved. Vim is a terminal-based text editor that is very efficient and can significantly speed up work. Vim is often considered difficult because many users are not yet familiar with its default key bindings. VIM itself has existed since 1991, and it is still widely used by developers, system administrators, and many others. VIM is also a very lightweight and fast editor that can be accessed directly …
Hardening Server with Fail2ban and Reporting to Telegram

After being busy enough that I didn’t have time to create challenges and write down how to complete these challenges on this blog, this time we will discuss a little about fail2ban and how to configure it. Generally, fail2ban is used to ban IPs that fail to authenticate up to the maximum limit stated in the configuration, and this IPS is very effective in preventing attacks on the server, such as brute-force attacks on the SSH (22), FTP (21), and SMTP (25) ports, etc., even other …
Solution for Inclusion Challenges

As usual, in the Surabaya Hacker Link group there are various challenges. Not only admins create them, but members also submit challenges, and I helped deploy this one. Not only deploying it, of course I also tried solving it :3 Without further ado, we accessed the challenge at challshl.com. Since I was involved during deployment, I had a slight idea where the bug was located. The cool term would be white box pentest, meaning testing by reading the website source code cmiiw.
How to Write a Good Vulnerability Findings Report

First of all, Happy Eid al Fitr 1440 H, please forgive any mistakes. Nothing in this world is perfect, including this writing. Since the launch of the BSSN program titled V2DP or Voluntary Vulnerability Disclosure Program, many people have asked in discussion forums and social media groups about how to properly write a bug report after discovering a vulnerability. Here are a few tips from me on how to write a good report.
Solution for QR Generator Challenges

After a long time without creating a challenge, I finally decided to make a simple one. This challenge is themed as a QR Code Generator, but the vulnerability is not in the QR Code itself. Below is a simple way to solve it. Gathering Information: Challenge Given. As usual, the challenge was posted in the Surabaya Hacker Link group. There was no clue at all, so we directly accessed the website. It turned out to be a QR Generator page with name and Instagram input fields.

GitHub Pages Custom Domain with E-mail Service

After using a custom domain with GitHub Pages, I was quite happy to host on GitHub for free and use a unique workflow. However, after some time I noticed that no emails were coming from the custom domain. It turned out the mail server was not connected. I searched the internet using the DuckDuckGo search engine but found no clear answers even after going through several pages. On GitHub Pages itself, there is no explanation about how to keep email working properly. After digging deeper, I found …

How I Built This Website

I have wanted to have my own blog and custom email for a long time. Eventually, I started blogging using WordPress. However, as a student with a limited budget, I could only afford a web.id domain (which can now use .id) and the cheapest hosting plan, 100,000 per year at Dracoola. After publishing several articles with WordPress, the hosting disk usage became quite large, so I stopped adding new articles and the site felt heavy to access. Since then, I took a break.
Your Website Hacked? Do the Following

In the Surabaya Hacker Link Telegram group, @ytyao and I often create challenges such as web hacking, reversing, and others. However, in a previous challenge there was a small incident: the website was hacked. Well, the website was intentionally built to be hacked, but this hacker performed a mass wipe by deleting all files and folders. From that incident I learned something new: post-incident handling, commonly called Incident Response.