Irani chai, a sweet spiced creamy chai recipe which is popular all over India. This is going viral because it is simple, creamy, and very comforting. It is not like regular chai with many spices. Here the milk is cooked slowly for a long time until it becomes thick and rich, then mixed with strong...
The post Irani Chai Recipe appeared first on Yummy Tummy.
Bariatric gelatin recipe orΒ Dr Jennifer Ashton gelatin trickΒ is one of 2025βs most talked about wellness habits. Youβve probably seen it on tiktok, heard about it on morning health segments, or come across people calling it theΒ Jennifer Ashton weight loss trick. But what exactly is this method? And does dr Jennifer Ashton gelatin recipe really helps with appetite control?
In this post I am sharing with you theΒ complete explanation, theΒ 2025 gelatin trick recipe from tiktok and trending Instagram reels, the gelatin cubes routine, the timing protocol, and aΒ clear bariatric variation comparison.
Many people associate this routine with Dr Jennifer Ashton because it matches her approach towardΒ sustainable, simple, science aligned health habits. And she often talks about nutritional benefits of collagen and gelatin.
She is often seen usingΒ hydrolyzed collagen powderΒ in her daily βfirst mealβ smoothie.
Small daily habits can make it easier to stay consistent with healthy choices. The gelatin trick fits perfectly into that pattern. However, itβs important to note:
While this isnβt an official recipe from Dr Jennifer Ashton, itβs a wellness-community interpretation that aligns with her practical, habit-based approach
The gelatin trick for weight loss is essentially a pre-meal fullness strategy. By consuming a small amount of unflavored gelatin before meals, you create a gentle gel in the stomach that adds volume without significant calories. This slows gastric emptying, increases feelings of satiety, and helps regulate appetite more effectively.
As a result, many people find they naturally eat smaller portions, avoid overeating, and make more mindful food choices. The trick doesnβt burn fat or boost metabolism, and itβs not intended to replace meals
So this viral gelatin trick is a supportive tool that helps reduce cravings and promote portion awareness in a practical, achievable way. The benefits of this Viral genetic trick comes entirely fromΒ appetite control and healthier meal behaviors.
This is the gentle, simple recipe most closely aligned with what people call the Dr Jennifer Ashton gelatin trick recipe .
Step 1: Bloom the gelatin
Sprinkle the gelatin over 1β2 tablespoons of cold water.
Let it sit for 1 minute until it becomes spongey.
(This prevents clumping.)
Step 2: Add hot water
Pour in the hot water and stir continuously until fully dissolved.
Step 3: Add cold water or tea
Stir again and add lemon juice if desired.
Step 4: Chill
Refrigerate for 2β3 hours until it lightly sets.
You can also drink it warm immediately.
Step 5: Take before meals
ConsumeΒ 15β30 minutes before lunch or dinner.
Gelatin cubes have become a popular version of the 2025 gelatin trick because they make the routine easier and more convenient. Instead of preparing the mixture daily, the gelatin is poured into silicone molds and set into small, ready-to-eat cubes that can be taken before meals.
These cubes are low in calories, easy to carry, and perfectly portioned, ideal for busy schedules. Most people use two to four cubes per day, typically before lunch and dinner, to support appetite control and reduce mid-meal cravings.
The gelatin cubes routine fits seamlessly into the overall gelatin trick protocol and offers a simple way to stay consistent. This supports fullness without adding significant calories. Geletin Cubes Recipe for Weightloss
Gelatin is a colorless, flavorless protein made from collagen. The collagen helps to keep our skin, joints, and tissues strong. When you mix gelatin with hot water and let it cool, it turns into a soft gel. That gel-like texture is what makes the βgelatin trickβ helpful, because it creates gentle fullness in the stomach before a meal.
Once you eat it, gelatin breaks down into amino acids like glycine and proline, which support your gut lining, skin, and joints. Itβs an easy way to get some of the benefits of collagen without needing any fancy ingredients.
This updated routine is often called theΒ 2025 gelatin trick protocolΒ or theΒ 7-day gelatin routine. Here is the safest and most effective way to use it:
1 cube with warm water or herbal tea. Supports appetite rhythm and reduces mid-morning snacking.
1β2 cubes: Best timing for preventing overeating at lunch.
1 small cube: Helps reduce evening cravings and late-night snacking.
Taking gelatinΒ beforeΒ meals triggers satiety signals early leading to better food decisions, smaller portions, and calmer hunger patterns.
People often confuse theΒ bariatric gelatin variationΒ with theΒ viral gelatin trick, but they are very different.
The bariatric version supports healing and viral gelatin trick supportsΒ fullness before meals. They areΒ not interchangeable.
The answer is yes but for appetite control. The fullness effect created by gelatin is real and rooted in basic digestive physiology. When gelatin forms a gel in the stomach, it delays gastric emptying, helps you feel satisfied sooner, and makes it easier to choose smaller portions.
It also creates a natural pause before eating, which supports mindful eating and reduces the likelihood of overeating. However, the gelatin trick does not burn fat or accelerate metabolism.
But I important point to note is It works best as a gentle support habit when paired with balanced meals, adequate protein, fiber, hydration, daily movement, and consistent sleep. TheΒ gelatin trick not a magic solution, but it can play a meaningful role in helping you eat more intentionally.
No. It is an inspired routine shared within the wellness community that aligns with her overall practical health philosophy.
2β4 small cubes, typically before meals.
Yes, gelatin contains calories and is not fasting safe.
You can, but it may not provide the same fullness, and artificial sweeteners may not suit everyone.
Only with medical approval. Bariatric gelatin is a different formula used for recovery.
No. It supports fullness, not fat metabolism.
15β30 minutes before meals is the most effective timing.
The Jennifer Ashton gelatin trick focuses on a simple pre-meal habit often associated with her practical wellness style, while the basic gelatin trick is the generic version used for appetite control. Both use the same concept, but the 2025 βAshtonβ version emphasizes timing, cubes, and habit structure.
It does not burn fat, but it creates a fullness effect before meals, helping reduce overeating and supporting mindful portion control. The benefit is appetite regulation, not metabolism changes.
TheΒ Dr Jennifer Ashton gelatin trick recipeΒ andΒ gelatin cubes routineΒ are popular because theyβre simple, accessible, and effective forΒ supporting fullness before meals. They donβt promise miracle results but theyΒ doΒ make mindful eating easier.
Think of this as a gentle, steady habit you can layer into your day one that helps with appetite, cravings, and portion control, especially when paired with balanced meals.
If you want to understand the basic version of the gelatin trick for weight loss, you can read my detailed guide here
If You like this recipe and made it Please rate the recipe. It helps us to reach more people. For the Latest updates Subscribe toΒ Rekhaβs Whatsapp. You can follow me on Β Instagram, Β Facebook,Β Youtube,Β PinterestΒ for more food inspirations.
Easy Jamu juice recipe, a traditional Indonesian herbal drink that you might have seen in Bali. Jamu is full of anti-inflammatory and healing properties. A delicious and potent blend ofΒ fresh turmeric, ginger, lemon, black pepper and water , jamu juice can be enjoyed in the summer months or served as a hot tea in winter for good health benefits.
If youβve been scrolling through wellness reels or have travelled to Bali, youβve probably seen small glasses of bright golden jamu juice everywhere and wondered:Β What exactly is this drink and does it really do anything?
In this post, Iβm breaking down this golden orange wellness shotsΒ what jamu juice is, how itβs been used traditionally in Indonesia, what we actually know from research, and of course myΒ easy jamu juice recipeΒ that you can batch prep at home.
As a nutritionist, Iβll also talk about where it fits realisticallyΒ into a healthy lifestyle and where it doesnβt.
JamuΒ is a traditional Indonesian herbal tonic made from roots, spices, and herbs β most commonlyΒ turmeric and ginger. It has been used for centuries in Java and Bali as part of daily wellness routines, not just as a trendy drink.
There are many styles of jamu, but when people sayΒ jamu juice, they usually mean a bright yellow drink made from:
Traditionally, jamu is:
In short:Β jamu juice is an Indonesian turmeric ginger wellness drink is warming, earthy, slightly spicy and tangy, with a gentle sweetness.
Hereβs what usually goes into a classicΒ jamu turmeric ginger drink, plus what each ingredient brings to the table.
This version is inspired by classicΒ jamu kunyit asamΒ with turmeric, ginger, tamarind, and citrus.
This will vary based on sweetener and how much pulp you strain out, but roughly For per Β½ cup, lightly sweetened:
Slice the fresh ginger roots and ginger. You can scrub the peel off or let it be. While slicing gloves help with preventing turmeric stains.
Boil and simmer ginger roots and turmeric in water.
Blend the mixture
Pour the mixture through a sieve or nut-milk bag into a jug.
Now Serve in a glass add few drops of lemon juice, maple syrup/raw honey and pink salt
In Indonesian wellness culture, jamu juice is used to:
These are traditional beliefs passed down through generations, and many people still drink jamu daily for these reasons.
Modern research doesnβt study βjamu juiceβ as a single drink very much, but it does look at itsΒ main ingredients: turmeric, ginger, tamarind, and sometimes lemongrass.Β
So jamu juice isΒ not a magic cure, but itβs a concentrated way to enjoy several anti-inflammatory and antioxidant ingredientsΒ together as part of a healthy lifestyle.Β
Short answer:Β jamu juice on its own may not melt fat,Β but it can support a weight-loss or weight-management plan in a few helpful ways.
Hereβs how it can fit into aΒ realisticΒ weight-loss journey:
However:
So, Jamu juice can be a smart, low-sugar drink choice inside a healthy routine, but it isnβt a standalone weight-loss trick.
There isnβt one strict rule, but these guidelines are a good starting point:
Once youβve tried the basic recipe, play with these twists:
Jamu is perfect forΒ batch prep.
A quick comparison to help readers choose what they want:
| Drink | Base | When to drink | Vibe |
|---|---|---|---|
| Jamu Juice | Water / coconut water + turmeric & ginger | Any time of day, chilled or warm | Light, tangy, spicy wellness tonic |
| Golden Milk | Milk / plant milk + turmeric & spices | Evening or cosy nighttime drink | Comforting, creamy, latte-style |
| Ginger Shots | Ginger-heavy juice (often with lemon) | Quick morning βwake upβ shot | Very strong, fiery, tiny serving |
| Turmeric Tea | warm drink with Turmeric ginger and lemon | When you want anti inflammatory warm drink | light and mild in big serving |
Jamu is perfect forΒ Sunday batch prep.
It tastes delicious in its unique way. Turmeric has a potent flavour with itβs earthiness, ginger adds spice, which is well balanced with a bit of tartness of lime juice, sweetness of honey
If You like this recipe and made it Please rate the recipe. It helps us to reach more people. For the Latest updates Subscribe toΒ Rekhaβs Whatsapp. You can follow me onΒ Instagram,Β Facebook,Β Youtube,Β PinterestΒ for more food inspirations.
When I am craving something light and refreshing that actually fits your weight loss routine? ThisΒ yummy Costa Rican tea for weight loss is my go to when I want flavor without sugar. You can make this Costa Rican tea recipe and serve it hot on cool mornings or pour it over ice for a bright afternoon sip. Itβs quick to make, easy to batch, and tastes great hot or over ice.
It uses pineappleΒ coreΒ for aroma, fresh ginger for warmth, and lemongrass for a clean citrus note. There is no added sugar. I tested a few ratios to keep the flavor balanced and the process quick. Below you will find step by step photos, storage tips, and a printable recipe card.
In Costa Rica, βteaβ usually means simple, caffeine freeΒ herbal infusions (tΓ©s de hierbas) lemongrass, ginger, mint, chamomile, and other garden herbs steeped in hot water.
Theyβre typicallyΒ unsweetened, light, and served hot or iced; in Nicoya youβll also see local touches likeΒ chan a chia-like seedΒ added for texture.
Note:Β This recipe is intentionally sugarβfree. We are taking inspiration from Costa Rican herbal infusions and skipping sugary drinks altogether.
It isΒ Costa Rican inspiredΒ and leans on herbal and plantβbased infusions enjoyed across the region. We skip sugary beverages and focus on a modern, lighter take that fits a weightβloss routine.
Yes. Use more lemongrass and a bit more ginger. You can also add lemon peel for aroma. The drink will be sharper and less rounded without pineapple core, but still refreshing.
No drink alone burns fat. This tea is lowβcalorie and can replace higher calorie beverages. When paired with a balanced diet and activity, that swap can support weightβmanagement goals.
Chan seeds are traditional in parts of Central America. They form a gel similar to chia. If you canβt find chan, useΒ soaked chia gelΒ in the same way.
You can, but the recipe is designed to be enjoyed unsweetened. If needed, add only a small amount of honey or a zeroβcalorie sweetener and taste as you go.
Iβm a nutritionist and recipe developer who tests each drink for clear, repeatable steps. For wellness claims, I keep language simple and realistic. Herbal teas can help you drink more water, enjoy flavor without calories, and build steady habits. They are not medical treatments. See the disclaimer below.
If You like this recipe and made it Please rate the recipe. It helps us to reach more people. For the Latest updates Subscribe toΒ Rekhaβs Whatsapp. You can follow me onΒ Instagram,Β Facebook,Β Youtube,Β PinterestΒ for more food inspirations.
Recipe Title:Β
Summary:Β A Costa Ricanβinspired herbal tea using pineapple core, ginger, and lemongrass. Light, refreshing, and ready hot or iced. No added sugar, with options for hibiscusβmint and a chan or chia gel addβin.
Prep Time:Β 5 minutes
Cook Time:Β 15 minutes
Total Time:Β 20 minutes
Servings:Β 6 cups (as a mild concentrate)
Ingredients:
Instructions:
Notes:
Nutrition (1 cup, unsweetened, approximate):
Calories 5β10; Carbs ~2 g; Fat 0 g; Protein 0 g. Values vary with steep time and addβins.
Keyword tags:Β costa rican tea, weight loss tea, pineapple ginger tea, lemongrass tea, chan seed tea, sugar free tea
Pinterest Title:Β Costa Rican Tea for Weight Loss (No Sugar)
Pinterest Description:Β Light, refreshing pineappleβginger lemongrass tea inspired by Costa Rica. No added sugar. Hot or iced, with hibiscusβmint and chia/chan options. Save now, sip all week.
Straining the tea into a jar, with lemon wedges on the side.
Pouring golden pineappleβginger lemongrass tea into a clear mug with steam rising.
Iceβfilled glass with ruby hibiscus Costa Rican tea, lime wheel, and mint.
Closeβup of crushed lemongrass and sliced ginger in a pot with pineapple core.
Chai tiramisu cake has a delicious, moist, chai-infused cake with layers of cardamom cream dusted with a cocoa-chai topping. It is an absolutely fabulous fusion dessert perfect for Diwali or any special occasion! (soy-free with gluten-free or nut-free option)
Weβre actually making a super quick cake for this chai tiramisu, instead of using ladyfingers. The rich, creamy textures of the cake and cardamom cream give you the decadence of tiramisu without any eggs or dairy needed.
You can make this with vegan ladyfingers, if you can find those, or you can use vegan cake rusks. Cake rusks are like plain biscotti available in Indian stores, and they work well as a substitute for ladyfingers. Just soak them in the chai, and use them for layering. Or, you can make this simple cake with just a few ingredients.
I heard you about wanting a cake that used a cream topping that didnβt need a freezer to set. The cardamom cream for this chai tiramisu cake sets up thick and spreadable at room temperature, no freezer needed.
Whether you make the cake from scratch or use one of the substitutions, this incredibly delicious chai tiramisu is a hit at any dinner party. It also freezes well, so you can make it ahead. Just thaw it overnight in the fridge.
Continue reading: Chai Tiramisu Cake (Chaimisu!)
The post Chai Tiramisu Cake (Chaimisu!) appeared first on Vegan Richa.
This write-up details the βCatβ machine from Hack The Box, a Medium-rated Linux challenge.
The goal is to complete the βCatβ machine by accomplishing the following objectives:
To obtain the user flag, an attacker first exploits a Stored Cross-Site Scripting (XSS) vulnerability in the user registration form, which allows stealing the administratorβs session cookie. With this stolen session, the attacker accesses the admin panel and exploits an SQL Injection flaw to extract sensitive user credentials from the database. After cracking these credentials, SSH access is gained as a regular user, enabling the retrieval of the user flagβa secret token proving user-level access.
For the root flag, privilege escalation is performed by finding a vulnerable image processing script owned by the root user. The attacker crafts a malicious image payload that executes unauthorised commands with root privileges. This leads to obtaining a root shellβthe highest level of system accessβallowing capture of the root flag, which confirms full control over the machine.
I connected to the Hack The Box environment via OpenVPN using my credentials, running all commands from a Parrot OS virtual machine. The target IP address for the Dog machine was 10.10.11.53.
To identify open ports and services, I ran an Nmap scan:
Loginnmap -sC -sV 10.10.11.53 -oA initialNmap Output:
ββ[dark@parrot]β[~/Documents/htb/cat]
ββββΌ $ nmap -sC -sV -oA initial -Pn 10.10.11.53
# Nmap 7.94SVN scan initiated Tue Jun 17 10:05:26 2025 as: nmap -sC -sV -oA initial -Pn 10.10.11.53
Nmap scan report for 10.10.11.53
Host is up (0.017s latency).
Not shown: 998 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 96:2d:f5:c6:f6:9f:59:60:e5:65:85:ab:49:e4:76:14 (RSA)
| 256 9e:c4:a4:40:e9:da:cc:62:d1:d6:5a:2f:9e:7b:d4:aa (ECDSA)
|_ 256 6e:22:2a:6a:6d:eb:de:19:b7:16:97:c2:7e:89:29:d5 (ED25519)
80/tcp open http Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Did not follow redirect to http://cat.htb/
|_http-server-header: Apache/2.4.41 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Jun 17 10:05:33 2025 -- 1 IP address (1 host up) scanned in 7.38 secondsPerform directory fuzzing to uncover hidden files and directories.
gobuster dir -u http://cat.htb -w /opt/common.txtLetβs perform directory enumeration with Gobuster to identify any potentially useful resources.
Gobuster Output:
Web Path Discovery (Gobuster):
The website features a typical interface with user registration, login, and image upload functionalities, but the presence of an exposed .git directory and accessible admin endpoints indicate significant security vulnerabilities.
Utilised the git-dumper tool to clone the exposed Git repository by executing the command git-dumper http://cat.htb/.git/ git. Subsequently, employed a Git extraction tool to retrieve critical source code files, including join.php, admin.php, and accept_cat.php, for further analysis.
Within the cloned Git repository, several PHP files were identified, meriting further examination for potential vulnerabilities or insights.
The accept_cat.php file is intended to let the admin user 'axel' Accept a cat by inserting its name into the accepted_cats table and deleting the corresponding entry from the cats table. The script correctly verifies the userβs session and restricts actions to POST requests, which is good practice. However, it constructs the insertion SQL query by directly embedding the $cat_name variable without any sanitisation or use of prepared statements:
$sql_insert = "INSERT INTO accepted_cats (name) VALUES ('$cat_name')";
$pdo->exec($sql_insert);This exposes the application to SQL injection attacks, as malicious input in catName could manipulate the query and compromise the database. On the other hand, the deletion query is properly parameterised, reducing risk. To secure the script, the insertion should also use prepared statements with bound parameters. Overall, while session checks and request validation are handled correctly, the insecure insertion query represents a critical vulnerability in accept_cat.php.
This admin page lets the user βaxelβ manage cats by viewing, accepting, or rejecting them. It correctly checks if the user is logged in as βaxelβ before allowing access and uses prepared statements to fetch cat data from the database safely. The cat details are displayed with proper escaping to prevent cross-site scripting attacks.
However, the page sends AJAX POST requests to accept_cat.php and delete_cat.php without any protection against Cross-Site Request Forgery (CSRF). This means an attacker could potentially trick the admin into performing actions without their consent. Also, based on previous code, the accept_cat.php script inserts data into the database without using prepared statements, which can lead to SQL injection vulnerabilities.
To fix these issues, CSRF tokens should be added to the AJAX requests and verified on the server side. Additionally, all database queries should use prepared statements to ensure user input is handled securely. While the page handles session checks and output escaping well, the missing CSRF protection and insecure database insertion are serious security concerns.
The view_cat.php script restricts access to the admin user 'axel' and uses prepared statements to safely query the database, preventing SQL injection. However, it outputs dynamic data such as cat_name, photo_path, age, birthdate, weight, username, and created_at directly into the HTML without escaping. This creates a Cross-Site Scripting (XSS) vulnerability because if any of these fields contain malicious code, it will execute in the adminβs browser.
The vulnerable code includes:
Cat Details: <?php echo $cat['cat_name']; ?>
<img src="<?php echo $cat['photo_path']; ?>" alt="<?php echo $cat['cat_name']; ?>" class="cat-photo">
<strong>Name:</strong> <?php echo $cat['cat_name']; ?><br>
<strong>Age:</strong> <?php echo $cat['age']; ?><br>
</code>To mitigate this, all output should be passed through htmlspecialchars() to encode special characters and prevent script execution. Additionally, validating the image src attribute is important to avoid loading unsafe or external resources. Without these measures, the page remains vulnerable to XSS attacks.
The provided PHP code is vulnerable to several security issues, primarily due to improper input handling and weak security practices. Below is an explanation of the key vulnerabilities, followed by the relevant code snippets:
$success_message and $error_message without sanitisation, making it susceptible to XSS attacks. User inputs (e.g., $_GET['username'], $_GET['email']) are directly echoed, allowing malicious scripts to be injected.<?php if ($success_message != ""): ?>
<div class="message"><?php echo $success_message; ?></div>
<?php endif; ?>
<?php if ($error_message != ""): ?>
<div class="error-message"><?php echo $error_message; ?></div>
<?php endif; ?>md5($_GET['password'])), which is cryptographically weak and easily cracked.$password = md5($_GET['password']);$_GET inputs, which could lead to other injection vulnerabilities if not validated properly.$_GET for sensitive data like passwords, exposing them in URLs risks interception.To mitigate these, use htmlspecialchars() for output, adopt secure hashing (e.g., password_hash()), validate inputs, and use $_POST for sensitive data.
The PHP code for the cat contest registration page has multiple security flaws due to weak input handling and poor security practices. Below are the key vulnerabilities with relevant code snippets:
Cross-Site Scripting (XSS): The $success_message and $error_message are output without sanitization, enabling reflected XSS attacks via crafted POST inputs (e.g., cat_name=<script>alert(βXSSβ)</script>).
<?php if ($success_message): ?>
<div class="message"><?php echo $success_message; ?></div>
<?php endif; ?>
<?php if ($error_message): ?>
<div class="error-message"><?php echo $error_message; ?></div>
<?php endif; ?>$forbidden_patterns = "/[+*{}',;<>()\\[\\]\\/\\:]/";$target_file = $target_dir . $imageIdentifier . basename($_FILES["cat_photo"]["name"]);To mitigate, sanitize outputs with htmlspecialchars(), use stricter input validation (e.g., FILTER_SANITIZE_STRING), sanitize file names, restrict upload paths, and validate file contents thoroughly.
Clicking the contest endpoint redirects to the join page, which serves as the registration page.
Letβs create a new account by completing the registration process.
The registration process was completed successfully, confirming that new user accounts can be created without errors or restrictions.
Logging in with the credentials we created was successful.
After a successful login, the contest page is displayed as shown above.
Letβs complete the form and upload a cat photo as required.
Successfully submitted the cat photo for inspection.
Initialise the listener.
Letβs create a new account by injecting malicious XSS code into the Username field while keeping all other inputs valid.
Letβs fill out the form with normal inputs as before.
The process may take a few seconds or minutes, depending on the response time. I have attempted multiple times to ensure it works successfully.
Once we obtain the token hash, we need to copy and paste it into Firefoxβs inspector to proceed further.
After that, simply refresh the page, and you will notice a new βAdminβ option has appeared in the menu bar.
Clicking the Admin option in the menu bar redirects us to the page shown above.
Click the accept button to approve the submitted picture.
Use Burp Suite to examine network packets for in-depth analysis.
Test the web application to determine if it is vulnerable to SQL injection attacks.
Attempting to inject the SQL command resulted in an βaccess deniedβ error, likely due to a modified or invalid cookie.
After reconstructing the cookie, the SQL injection appears to function as anticipated.
Successfully executed command injection.
We can use the curl command to invoke the malicious file and execute it. The fact that itβs hanging is promising, indicating potential success.
It was observed that bash.sh has been transferred to the victimβs machine.
Success! A shell was obtained as the www-data user.
Itβs unusual to find cat.db while searching for the database file.
Transfer the SQL file to our local machine.
We discovered that cat.db is a SQLite 3.x database.
sqlite3 cat.db opens the cat.db file using the SQLite command-line tool, allowing you to interact with the databaseβrun queries, view tables, and inspect its contents.
The cat.db database contains three tables: accepted_cats, cats, and users, which likely stores approved cat entries, general cat data, and user information, respectively.
Immediate cracking is possible for some obtained hashes.
The screenshot shows the hashes after I rearranged them for clarity.
We need to specify the hash mode, which in this case could be MD5.
We successfully cracked the hash for the user Rosa, revealing the password: soyunaprincesarosa.
Boom! We successfully gained access using Rosaβs password.
The access.log file reveals the password for Axel.
The user Axel has an active shell account.
The credentials for Axel, including the password, were verified successfully.
Access is achievable via either pwncat-cs or SSH.
Executing the appropriate command retrieves the user flag.
The Axel user does not have sudo privileges on the cat system.
We can read the message sent from Rosa to Axel.
The emails are internal updates from Rosa about two upcoming projects. In the first message, Rosa mentions that the team is working on launching new cat-related web services, including a site focused on cat care. Rosa asks Axel to send details about his Gitea project idea to Jobert, who will evaluate whether itβs worth moving forward with. Rosa also notes that the idea should be clearly explained, as she plans to review the repository herself. In the second email, Rosa shares that theyβre building an employee management system. Each department admin will have a defined role, and employees will be able to view their tasks. The system is still being developed and is hosted on their private Gitea platform. Rosa includes a link to the repository and its README file, which has more information and updates. Both emails reflect early planning stages and call for team involvement and feedback.
Checking the machineβs open ports reveals that port 3000 is accessible.
Therefore, we need to set up port forwarding for port 3000.
The service running on port 3000 is the Gitea web interface.
Using Axelβs credentials, we successfully logged in.
Gitea service is running version 1.22.0, which may contain specific features and known vulnerabilities relevant for further evaluation.
Start the Python server to serve files or host a payload for the next phase of the assessment.
Inject the XSS payload as shown above.
The fake email is sent to the user jobert to test the functionality.
Obtained a base64-encoded cookie ready for decoding.
The decoded cookie appears to contain the username admin.
Edit the file within the Gitea application.
Obtained the token as shown above.
<?php
$valid_username = 'admin';
$valid_password = 'IKw75eR0MR7CMIxhH0';
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) ||
$_SERVER['PHP_AUTH_USER'] != $valid_username || $_SERVER['PHP_AUTH_PW'] != $valid_password) {
header('WWW-Authenticate: Basic realm="Employee Management"');
header('HTTP/1.0 401 Unauthorized');
exit;
}This PHP script enforces HTTP Basic Authentication by verifying the clientβs username and password against predefined valid credentials: the username βadminβ and the password βIKw75eR0MR7CMIxhH0.β Upon receiving a request, the script checks for authentication headers and validates them. If the credentials are missing or incorrect, it responds with a 401 Unauthorised status and prompts the client to authenticate within the βEmployee Managementβ realm.
The password discovered grants root access and functions as an administrator password on Windows machines.
Executing the appropriate command retrieves the root flag.
The post Hack The Box: Cat Machine Walkthrough β Medium Diffculity appeared first on Threatninja.net.
No party is complete without food and drink. Lots of people choose to meet up by the beach for a day of fun in the sun but what sorts of food should people be eating? Read More ...
The post Beach Party Food Ideas: Snacks By The Sea first appeared on Give Me Some Spice!.
If youβre a recent convert to vegetarianism β or even if youβve been doing it for life β one area holds a particular challenge: finding vegetarian food on the go. Thatβs true whether youβre eating Read More ...
The post Eating Vegetarian On The Go: Options And Tricks For You first appeared on Give Me Some Spice!.
Itβs an adventure to find tastes and components that give the body life and the plate colour. Here are 6 ideas to create a nutritious dinner. Making a nutritious diner is similar to creating an Read More ...
The post 6 Ideas to Create a Light and Nutritious Dinner first appeared on Give Me Some Spice!.
Who doesnβt love a get together with friends to enjoy a game night?Β Β Β To get everyone excited about the games, we have to ensure that the food we serve is just as exciting and Read More ...
The post Vegetarian and Vegan Gaming Snacks For Your Brain: Focused and Full first appeared on Give Me Some Spice!.
Waking up to a new day offers a fresh start, a chance to make things better than yesterday. I have realised that the morning sets the tone for the rest of your day. Therefore, I Read More ...
The post How to Kick Start Your Day: Tips and Tricks first appeared on Give Me Some Spice!.
Google is celebrating the popularity of bubble tea with a doodle to highlight the drinkβs cultural significance and widespread appeal. Bubble tea, which originated in Taiwan in the 1980s, has become a global phenomenon and a staple in many countries worldwide. The Google Doodle is a way to pay tribute to the creativity and innovation behind the beloved beverage and celebrate its impact on the world of food and drink. The doodle also reflects the increasing importance of food culture and the role it plays in bringing people together and fostering community.Β
Play Google doodleβs bubble tea game.
Bubble tea, also known as pearl milk tea or boba, is a famous Taiwanese drink that has been enjoyed for decades. Originating in the 1980s, bubble tea has quickly become a staple in many countries worldwide. With its unique combination of chewy tapioca pearls and sweet tea, bubble tea has become a must-try for tea lovers everywhere. In this article, we will explore the history of bubble tea, the ingredients and equipment needed to make it, and how to make bubble tea from scratch.
Bubble tea was first created in the 1980s in Taiwan, where tea shops began experimenting with different flavors and ingredients. It is said that the founder of bubble tea was inspired by a dessert that was popular at the time, which consisted of sweetened, chewy tapioca balls. The tea shop owner decided to add these tapioca pearls to his tea; thus, bubble tea was born.
Bubble tea quickly gained popularity in Taiwan and soon spread to other countries in Asia, including Japan and China. By the 1990s, bubble tea had made its way to the United States and Europe, and today, bubble tea is a popular drink all over the world.
Ingredients and Equipment.
Step 1: Cook the Tapioca Pearls
The first step in making bubble tea is to cook tapioca pearls. To do this, bring a large pot of water to a boil, then add the tapioca pearls. Cook the tapioca pearls for about 20 minutes, stirring occasionally, until they are soft and chewy. Once cooked, drain the tapioca pearls and rinse them with cold water.
Step 2: Brew the Tea
While the tapioca pearls are cooking, brew the tea. To do this, bring a tea kettle or pot of water to a boil, then steep the tea for 5-10 minutes, depending on the type of tea you are using. Strain the tea and set it aside to cool.
Step 3: Add Sweetener and Milk (Optional)
Once the tea has cooled, add sugar or sweetener to taste. If you prefer, you can also add milk to the tea to make it creamier. If you are using a blender, add the tea, sugar, sweetener, and milk to the blender and blend until smooth. If you are not using a blender, simply stir the ingredients together.
Step 4: Add Ice and Tapioca Pearls
Fill each cup with ice, then pour the tea mixture over the ice. Add the cooked tapioca pearls to the cup, then stir to combine.
Step 5: Serve and Enjoy!
Serve the bubble tea with a straw and enjoy! You can also add other toppings such as fruit, syrup, or jelly to customize the flavor of your bubble tea.
Bubble tea is a delicious and unique drink that has become a staple in many countries around the world. With its combination of chewy.
<p>The post Googleβs Bubble Tea Doodle Explained: Tapioca Pearls, Milk Tea, and a Whole Lot of Fun first appeared on Aroma of Kitchen.</p>
Hope that everyone had a lovely Christmas and New Year.Β This year we celebrated our first Diwali and Christmas without my husband.Β As a family, we still wanted to continue the tradition of celebrating these Read More ...
The post Apple Tart appeared first on Give Me Some Spice!.
At the start of Covid, I started making Fresh juices from whatever fruit we had.Β Our favourite is fresh orange juice on its own.Β Sometimes, IΒ hide in some kale and a small piece of Read More ...
The post Kale and Orange Juice with Ginger appeared first on Give Me Some Spice!.
Christmas time or any Festive time, we tend to indulge in buying a lot of food stuff which doesnβt get eaten.Β In our house, we tend to buy a variety of nuts with the intention Read More ...
The post Chewy vegan no bake nut bars appeared first on Give Me Some Spice!.
