Having fun with TryHackMe again. So, here is the write up and guideline to pass this Ninja Skills challenge.

Room: https://tryhackme.com/room/ninjaskills
Level: Easy — Intermidiate

Task: Practise your Linux skills and complete the challenges.

Lets get started

As usual, start the machine and open the IP in browser

Have you ever encounter below error message after you trying to execute “npm run build” in your server?

Killed
npm ERR! code ELIFECYCLE
npm ERR! errno 137
npm ERR! project-nuxt@1.0.0 build: `nuxt build`
npm ERR! Exit status 137
npm ERR! 
npm ERR! Failed at the project-nuxt@1.0.0 build script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.npm ERR! A complete log of this run can be found in:
npm ERR!     /home/administrator/.npm/_logs/2021-04-11T08_48_48_675Z-debug.log

The error message “Exit status 137” is mostly referring to NPM doesn’t have enough memory to compile your code in…

Having fun with TryHackMe again. So, here is the write up and guideline to pass this Bounty Hacker challenge.

Room: https://tryhackme.com/room/cowboyhacker
Level: Easy

Task: You talked a big game about being the most elite hacker in the solar system. Prove it and claim your right to the status of Elite Bounty Hacker!

Lets get started

As usual, start the machine and open the IP in browser

As stated, laravel-cors package allows you to send Cross-Origin Resource Sharing headers with Laravel middleware configuration.

Every time you alter origins, ports, etc.. in the cors.php, you need to push to git and if you have gitlab runner or any auto deployment script, it would be take sometimes to update in production.

The simplest answer is Cache.

Let’s create a new ServiceProvider named as CacheCorsServiceProvider

class CacheCorsServiceProvider extends CorsServiceProvider {}

If we take a look at CorsServiceProvider,

...
...
protected function corsOptions()
{
     $config = $this->app['config']->get('cors');
}

the corsOptions get the cors setting from the config and pass it to…

Having fun with TryHackMe again. So, here is the write up and guideline to pass this Glitch challenge.

Room: https://tryhackme.com/room/glitch
Level: Easy

Task: Challenge showcasing a web app and simple privilege escalation. Can you find the glitch?

Separating database into read and write connections is recommended when you can every heavy-read application. Thus, it will reduce the pressure connection flood to database when having single database.

Why recommended R/W database ? This architecture serves the purpose of safeguarding site reliability. If a site receives a lot of traffic and only single database available, it will be overloaded with reading and writing requests and leads the entire system tend to slowing down.

In I will show you 2 way you can do to configure read/write connection in Laravel.

But, please remind that, you will be facing replication lag where sync between read and write might be differ in millisecond depending on network speed and bandwidth.

Method 1 : Create new connections in database.php

This is the hard way which i used before when…

How you eat to your overall health, especially in the long term is one of the most important things you can do to protect your health. If you tend to swallow foods or if eating is overall something you struggle with, try there suggestions to improve your experience and benefit you body well.

Single Tasking

Do you know that google crawled your website and index everything available including your .env file?. Environment file in Laravel located in root project which stores all important information and credentials like database password, email configurations and other env variables. Without proper permission, your system will be compromise badly…

But, do you know that your .env file can be rename? In term of security, you might be thinking of it right? And you might want to hide the .env file to some where hidden in your project directory.

Lately, my web application firewall been detecting several request requesting like this…