Ransomware Ransomware is a type of malware (malicious software) that encrypts victims’ files, causing them to lose access to their data. The malware will decrypt the files if the ransom has been paid by the victim, but there is no guarantee that all data will be restored. If the victim refuses to pay, some ransomware variants will expose the victim’s files to the internet. Ransomware spreads through fake installers, phishing, exploit kits, remote desktop access, and other methods.
As we know, DNS or Domain Name Server is a service responsible for translating domain names into IP addresses so users do not need to remember complicated IP addresses one by one. Therefore, DNS is a crucial service and must be configured properly. Otherwise, it may cause a domain to become difficult or even impossible for users to access.
For example, some time ago a colleague complained to the infrastructure team because they could not access monev.spbe.go.id. Long story short, I asked the …
In this digital era, protecting personal data is becoming increasingly important, especially in Indonesia. Many internet users still use weak passwords, which can easily be exploited by cybercriminals. If you are looking for information about downloading Indonesian password wordlists, this article will discuss it, including their usage, risks, and how to protect yourself.
What Is a Password Wordlist? A password wordlist is a collection of passwords commonly used by internet users. This list is …
Let’s get straight to the point: this machine is hard, period. When the labs were first launched there were three machines: Zombie, Hellbound, and Anonymouz. In my opinion this one is quite difficult, probably due to my lack of experience in exploitation and intuition. Until the time this write-up was written, the author still hadn’t obtained the root user flag and was stuck at www-data. Fortunately, the user flag is readable by www-data, so it can still be submitted.
Retas.io is a company from PT. Solusi Siber Teknologi that offers various security services ranging from Vulnerability Assessment, Penetration Testing, to other specialized IT and security-related needs.
Recently retas.io launched a new product called retas labs which is intended to help new players entering the Infosec world. These labs are somewhat similar to Hack The Box. By using a VPN we are required to solve challenges using our IT knowledge and skills. Not only that, they also plan to …
After a long time without creating or solving challenges due to increasingly limited free time and assignments piling up, I finally received information about a challenge from a friend in a Telegram group. This challenge was created by another community called Malang Hacker Link. The challenge is quite unique and fun to solve because no “magic tricks” are required.
From the information provided, I immediately opened the link and found a form with two fields: first name and last name. Since we …
Since this machine has already been retired and is no longer considered relevant as a challenge, I decided to write a solution explaining how to complete the VM Heaven challenge from Surabaya Hacker Link.
In fact, solving this challenge does not require special hacking tools such as sqlmap or metasploit because the challenge is relatively easy. No advanced hacking knowledge is required. As long as you are familiar with the GNU/Linux operating system and understand the basics of pwning (owning) a …
As usual, in the Surabaya Hacker Link group there are various challenges. Not only admins create them, but members also submit challenges, and I helped deploy this one. Not only deploying it, of course I also tried solving it :3
Without further ado, we accessed the challenge at challshl.com.
Since I was involved during deployment, I had a slight idea where the bug was located. The cool term would be white box pentest, meaning testing by reading the website source code cmiiw.
First of all, Happy Eid al Fitr 1440 H, please forgive any mistakes. Nothing in this world is perfect, including this writing.
Since the launch of the BSSN program titled V2DP or Voluntary Vulnerability Disclosure Program, many people have asked in discussion forums and social media groups about how to properly write a bug report after discovering a vulnerability. Here are a few tips from me on how to write a good report.
After a long time without creating a challenge, I finally decided to make a simple one.
This challenge is themed as a QR Code Generator, but the vulnerability is not in the QR Code itself. Below is a simple way to solve it.
Gathering Information Challenge Given
As usual, the challenge was posted in the Surabaya Hacker Link group. There was no clue at all, so we directly accessed the website. It turned out to be a QR Generator page with name and Instagram input fields.
