
hugotran quarrcyber

  • Joined Oct 22, 2025

Pico_Bookmarklet - Writeups

:::info
💡 Hint1: A bookmarklet is a bookmark that runs JavaScript instead of loading a webpage.
💡 Hint2: What happens when you click a bookmarklet?
💡 Hint3: Web browsers have other ways to run JavaScript too.
:::

🎉 Welcome

Pico_IntroToBurp - Writeups

:::info :bulb: Hint1: Try using Burp Suite to intercept the request to capture the flag.
💡 Hint2: Try mangling the request, maybe their server-side code doesn't handle malformed requests very well. :::

🎉 Welcome

:::info

Web101_Basic security vulnerabilities

:::info :bulb: Two basic security vulnerabilities: file upload and SQL injection. :::

🔹 Date: 30/10/25 & 31/10/25

🐞 I. File Upload Vulnerabilities

Pico_No Sql Injection - Writeups

:::info :bulb: Hint1: Not only does SQL injection exist, but NoSQL injection exists as well.
💡 Hint2: Make sure you look at everything the server is sending back.
:::

🎉 Welcome

:::info

Pico_Unminify - Writeups

:::info :bulb: Hint1: Try CTRL+U / ⌘+U in your browser to view the page source. You can also add 'view-source:' before the URL, or try curl <URL> in your shell.
💡 Hint2: Minification reduces the size of code, but does not change its functionality.
💡 Hint3: What tools do developers use when working on a website? Many text editors and browsers include formatting. :::

🎉 Welcome

NinjaJs_Security & Hacking Base

:::info :bulb: Learn the foundational knowledge of the Penetration Tester profession, as well as of being an Ethical Hacker. :::

🔹 Date: 29/10/25

🔎 1. Introduction to Security & Hacking, Penetration Testing

Pico_WebDecode - Writeups

:::info :bulb: Hint1: Use the web inspector on other files included by the web page.
💡 Hint2: The flag may or may not be encoded :::

🎉 Welcome

:::info

Pico_SQLiLite - Writeups

:::info :bulb: Hint1: admin is the user you want to login as.

:::

🎉 Welcome

:::info

Pico_SSTI1 & SSTI2 - Writeups

:::info
💡 Hint1: Server Side Template Injection (SSTI).
💡 Hint2: Why is blacklisting characters a bad idea to sanitize input? :::

🎉 Welcome

:::info