Hi Friends,

I am sharing my notes which I jotted down for my reference, excuse me if I made any mistakes and my english


Well everyone know me as Gayatri Rachakonda. I am working as security professional in a European Bank. This post is about my inner feelings and am not person of getting sympathy from others or self pity. I love writing and I am writing this post for myself and people who are suffering like me. If you think its attention seeking or self pity , please at least give me some freedom to express my views here.

I was born and bought up in small town , my family was well settled. We are family of four. My father is graduated…


I am a cyber security professional and my work is very hectic . I always attend meetings from morning to evening and do my penetration testing. I am passionate about cybersecurity( I m not trying to tell that I am geek )

It was normal weekday November 9th and normally I don’t take much time for report making of tests I carry out.

I started feeling lungs inflammation and I never had knee pains or joint pains, I felt something wrong with my knee , and headache started. I was very weak in initial days itself.

On 12th November i…


BloodHound is an application used to visualize active directory environments. The front-end is built on electron and the back-end is a Neo4j database, the data leveraged is pulled from a series of data collectors also referred to as ingestors which come in PowerShell and C# flavours.

  • It identifies different attack paths in Active Directory , maps access control lists (ACLs), users, groups, trust relationships and unique AD objects.

Setup

•BloodHound is supported by Linux, Windows, and MacOS. Bloodhound is built on neo4j and depends on it. Neo4j is a graph database management system, which uses NoSQL as a graph database.

•Download…


Inside thoughts

1) Becoming successful is not earning money, share your knowledge and become successful.

2)Never forget you roots wherever you are

3) Good person will not criticise or never underestimate other person.

4)Don’t thrive only for your success also help your friends too.

5) Don’t run behind money, you will not take a single penny when your time comes.

6) You should not boast yourself, it should come from others. If you do good deeds then your name will go through Word-of-mouth.

6)Last but not least karma is boomerang, whatever you give it will come back whether its good or bad.


https://tryhackme.com/room/django it’s a free room

First of all understand the basics how to add ALLOWED_HOSTS in seetings.py and read all the introduction of this room to understand how the app works

After completion of reading the introduction , creating a website and concluding , now deploy the server

Connect to the server using putty or any ssh client using username:django-admin and password:roottoor1212

For the user flag

come out of the current directory which django_admin and there is one more folder called Strangefox browse that directory you can find the flag here

For the admin flag

create a super user by…


This is the bug I have found in some vdp program and they really don’t have time to reply back i guess so posting the vulnerability details will be useful.

First if you are taking any target keep in mind that you have to content discovery, you can use tools like dirb, dirsearch and gobuster

My personal fav tool is dirb because its easy to use. I ran dirb on my target https://redacted.com which is running on sharepoint framework

I found out
https://www.redacted.com/_vti_bin/_vti_adm/admin.dll
https://www.redacted.com/_vti_bin/shtml.dll/_vti_rpc

the information about sharepoint https://www.redacted.com/_vti_inf.html

There is a exploitation research paper on the same services
from the…


Vulnerability Category: A7- Cross-site Scripting

Vulnerability Description: A Stored Cross-Site Scripting (XSS) vulnerability occurs when a web application sends stored strings that were provided by an attacker to a victim’s browser in such a way that the browser executes part of the string as code. The string contains malicious data and is initially stored server-side, often in the application’s database. The application later retrieves the malicious data and inserts it into a web page. This results in the victim’s browser executing the attacker’s code within a legitimate user’s session.

Impact: Stored XSS can use to steal cookies, password or to…


Vulnerability Category: A3-Sensitive Data Exposure

Vulnerability Description: When a user uploads an image to the application , the uploaded image’s EXIF Geolocation Data does not gets stripped. As a result, anyone can get sensitive information of users like their Geolocation, their Device information like Device Name, Version, Software & Software version used etc

Impact: This vulnerability violates the privacy of a User and shares sensitive information of the user who uploads an image on application.

Recommendation: Strip all metadata from the image once it is uploaded into the application.

Severity : Medium

CVSS v3.0 Score: 5.3

CVSS v3.0 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N


Vulnerability Category: A3- Sensitive Data exposure

Vulnerability Description: Sensitive data exposure vulnerabilities can occur when an application does not adequately protect sensitive information from being disclosed to attackers. For many applications this may be limited to information such as passwords, but it can also include information such as credit card data, session tokens, or other authentication credentials.

Impact: Attacker will get access to compromised data which includes sensitive data such as health records, credentials, personal data, credit cards, etc.

Recommendation:

● Classify data processed, stored or transmitted by an application. …

gayathri rachakonda

#infosec enthusiast, noob, traveller, foodie, bughunter😝, pentester 🙂

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store