Austin Githinji
Senior Full Stack Developer

Professional Profile
A results-oriented Software Developer with over two years of experience in application and web development. With a dedicated interest in cybersecurity, I proactively research security vulnerabilities to build more robust and secure software. My goal is to leverage my skills in a role where I can contribute to creating secure, high-quality digital solutions.
Skills
- HTML
- CSS
- JavaScript
- Tailwind
- TypeScript
- Node
- SQL
- MongoDB
- Git
- GitHub
- Next.js
- React
- Vue
- Docker
- Astro
- PHP
- Linux
Projects
Programmed a Python script to automate the filling of registration forms with realistic, generated user data for testing purposes.
Created a browser extension for Chrome and Firefox that enhances the viewing experience on documentary-area.com by providing high-quality video streams. Achieved community recognition with multiple stars on GitHub, demonstrating project value and user satisfaction.
Experience
- IT Consultant @ A.C.K. St. Stephen’s Church, Gatuanyaga
Gatuanyaga, Kenya - Onsite
Summary:
- Designed and implemented the core IT infrastructure for all pastoral and administrative activities.
Highlights:
- Engineered and managed the church’s audio-visual systems, successfully integrating multiple screens for live services and events.
- Developed and launched the official church website; integrated the Daraja API to enable M-Pesa STK push payments for offerings, streamlining the donation process.
- Built a cross-platform liturgy application using Flutter, providing church services in multiple languages to enhance accessibility for the congregation.
- Co-developer @ TenantMate (Academic Project)
Academic
Summary:
- Co-developed with a team of four students to design and build a Mobile App in Flutter, focusing on the Real Estate sector, with key aspects such as Maintenance Ticketing and Rent Payment Analytics.
Lab Challenges
- Remove Premium Banners
    // Banner removal, wrapped as a function so the mutation observer below can call it by name
    function removePremiumBanner() {
      const premiumBanner = document.querySelector('[class*="PremiumBannerBlobWrapper_preview-banner"]');
      if (premiumBanner) premiumBanner.remove();
    }
    removePremiumBanner();
- Unblur Document Pages
    document.querySelectorAll('.page-content').forEach(page => { page.style.filter = 'none'; });
- Real-Time DOM Monitoring
    // Re-run the banner removal whenever the page injects a new banner element
    const observer = new MutationObserver((mutations) => {
      mutations.forEach((mutation) => {
        mutation.addedNodes.forEach((node) => {
          if (node.nodeType === Node.ELEMENT_NODE && node.matches('[class*="PremiumBannerBlobWrapper"]')) {
            setTimeout(removePremiumBanner, 100);
          }
        });
      });
    });
    observer.observe(document.body, { childList: true, subtree: true });
- Enable Document Download
    // generatePDF is defined elsewhere in the extension and is not shown on this page
    function createDownloadButton() {
      let downloadBtn = document.createElement("button");
      downloadBtn.addEventListener('click', generatePDF);
      return downloadBtn;
    }
- Client-side controls are insufficient for protecting premium content. Any content delivered to the browser can be accessed by users, regardless of UI restrictions.
- Robust server-side access control is essential to prevent unauthorized access and downloading of premium documents.
- Security through obscurity (e.g., overlays, CSS blurring) does not provide real protection against determined attackers with basic web development knowledge.
curl http://challenge.localhost:80?path=/../../../etc/passwd --path-as-is -i
curl http://challenge.localhost:80?path=/../../../flag --path-as-is -i
- Path traversal vulnerabilities can be exploited by manipulating URL parameters.
- Servers may leak information about required parameters in error messages.
- Always validate and sanitize user input on the server side.
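The server-side check these takeaways call for, as an added example (not the challenge's own code): the requested path is normalised and then confirmed to still lie under the web root, and a second function shows the Python-specific pitfall that makes the lab's `path=/../../../etc/passwd` payload work, namely that `os.path.join` discards the root when the user-supplied part starts with `/`. The root directory `/srv/app/public` is a placeholder.

```python
import os
from typing import Optional

# Placeholder root directory the application is allowed to serve from (constructed).
WEB_ROOT = "/srv/app/public"


def resolve_under_root(root: str, requested: str) -> Optional[str]:
    """Return the absolute path for `requested` only if it stays inside `root`.

    Returning None means "reject"; the caller should answer with a generic
    404/400 rather than explain which part of the check failed.
    """
    root_abs = os.path.abspath(root)
    # Treat the request as relative to the root even if it starts with '/',
    # otherwise os.path.join would throw the root away entirely.
    candidate = os.path.abspath(os.path.join(root_abs, requested.lstrip("/")))
    # commonpath, not str.startswith: "/srv/app/public2" must not pass as inside the root.
    if os.path.commonpath([root_abs, candidate]) != root_abs:
        return None
    # Note: abspath does not follow symlinks. In a real deployment resolve the
    # final path with os.path.realpath once the file exists and repeat the check.
    return candidate


def naive_join(root: str, requested: str) -> str:
    """The vulnerable pattern: join then normalise, with no containment check.

    os.path.join(root, "/../../../etc/passwd") returns "/../../../etc/passwd"
    because the second argument is absolute, and normpath collapses it to
    "/etc/passwd". The root never takes part in the result.
    """
    return os.path.normpath(os.path.join(root, requested))


if __name__ == "__main__":
    for p in ("/docs/index.html", "/../../../etc/passwd", "docs/../../../flag"):
        print(f"{p!r:32} safe={resolve_under_root(WEB_ROOT, p)!r:40} naive={naive_join(WEB_ROOT, p)!r}")
```

The containment check runs before any filesystem access, so the server never opens a file only to find out afterwards that it was outside the root.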
curl --path-as-is "http://challenge.localhost:80?timezone=whoami;id;"
Python requests: url = 'http://challenge.localhost:80?timezone=who;cat /flag;'
- Unsanitized input passed to shell commands can lead to command injection.
- Error messages and stack traces can reveal how input is processed.
- Always use parameterized APIs or proper input validation when invoking system commands.
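An added example of the two defences named above, not taken from the challenge: the `timezone` value is checked against a strict allow-list pattern for IANA zone names, and the child process receives it as one element of an argument list with no shell in between, so `;` is plain text rather than a command separator. A Python child process stands in for the `date`-style command the lab server ran, so the example runs anywhere; the function names are my own.

```python
import re
import subprocess
import sys
from typing import Optional

# IANA zone names look like "UTC", "Africa/Nairobi" or "America/Argentina/Buenos_Aires".
# Anything outside this shape is refused before a process is ever started.
_TZ_PATTERN = re.compile(r"^[A-Za-z]+(?:/[A-Za-z0-9_+\-]+){0,2}$")


def validate_timezone(value: str) -> Optional[str]:
    """Allow-list check: return the value if it looks like a zone name, else None."""
    if len(value) > 64 or not _TZ_PATTERN.fullmatch(value):
        return None
    return value


def run_with_argument(value: str) -> str:
    """Pass `value` to a child process as a single argv element (shell=False).

    Stand-in for invoking a system command with the zone name. Because no
    shell parses the command line, "whoami;id;" arrives in argv[1] as text
    and nothing interprets the semicolons.
    """
    completed = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1], end='')", value],
        capture_output=True, text=True, check=True,
    )
    return completed.stdout


def lookup_timezone(user_value: str) -> str:
    """Request handler shape: validate first, then call the argv-based runner."""
    tz = validate_timezone(user_value)
    if tz is None:
        # A fixed message: no stack trace or echo of how the input was processed.
        return "invalid timezone"
    return run_with_argument(tz)


if __name__ == "__main__":
    for v in ("Africa/Nairobi", "whoami;id;"):
        print(f"{v!r} -> validate={validate_timezone(v)!r} run_as_argv={run_with_argument(v)!r}")
```

Either layer alone stops the lab payload; keeping both means a gap in the allow-list does not immediately become code execution, and an unexpected value still produces nothing more informative than "invalid timezone".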
curl http://challenge.localhost:80?user=1
- User IDs in URLs can be manipulated to access other users’ data.
- Never trust user-supplied identifiers without proper authorization checks.
Python requests: username=" or 1=1--, password=admin
Python requests: username=flag" --, password=admin
- String interpolation in SQL queries is highly dangerous.
- Always use parameterized queries to prevent SQL injection.
Python requests: query=f% (enumerate users)
Python requests: query=" UNION SELECT password FROM users -- (extract flag)
- Even seemingly harmless search features can be vulnerable to SQL injection.
- UNION-based SQL injection can be used to extract arbitrary data.
Python requests: query=" UNION SELECT tbl_name FROM sqlite_master -- (discover table)
Python requests: query=" UNION SELECT password FROM table6108655952227085405 ; -- (extract flag)
- SQL injection can be used to enumerate database schema.
- Understanding the underlying database system helps in crafting effective attacks.
Python requests: username=flag " OR password LIKE "p%" -- -
Automated brute-force with Python and string module
- Blind SQL injection requires creative use of application responses to infer data.
- Automating attacks can save significant time in blind scenarios.
- GLOB can be used for case-sensitive matching in SQLite.
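An added example covering the SQL injection takeaways and the user-ID takeaway above (it is my own code, not the lab application): a small in-memory SQLite database with constructed users, a login and a search that bind every value with `?`, and an object-level authorization check for the `?user=` style lookup. Run against the exact strings used in the labs, the bound queries return nothing, and the search also escapes `%` and `_` so a query like `f%` cannot be used as a wildcard to enumerate usernames. Passwords are stored in the clear only to keep the example short; a real system stores a salted hash from a slow KDF.

```python
import sqlite3
from typing import Dict, List, Optional


def build_db() -> sqlite3.Connection:
    """Constructed fixture: three users, one of them named 'flag' as in the labs."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)")
    conn.executemany(
        "INSERT INTO users (id, username, password) VALUES (?, ?, ?)",
        [(1, "admin", "constructed-admin-pw"),
         (2, "flag", "FLAG{constructed-placeholder}"),
         (3, "alice", "constructed-alice-pw")],
    )
    return conn


def login(conn: sqlite3.Connection, username: str, password: str) -> Optional[int]:
    """Parameterised login; returns the user id or None.

    The string-interpolated form the lab broke (never do this):
        f'SELECT id FROM users WHERE username = "{username}" AND password = "{password}"'
    With '?' placeholders the driver sends the values separately from the
    statement, so '" or 1=1--' is compared as a literal username.
    """
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def _escape_like(value: str) -> str:
    """Neutralise LIKE metacharacters so the user controls text, not the pattern."""
    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_users(conn: sqlite3.Connection, query: str) -> List[str]:
    """Prefix search. The bound value cannot add a UNION, and '%' inside it is literal."""
    rows = conn.execute(
        "SELECT username FROM users WHERE username LIKE ? || '%' ESCAPE '\\' ORDER BY username",
        (_escape_like(query),),
    )
    return [r[0] for r in rows]


def get_user_record(conn: sqlite3.Connection, requester_id: int, target_id: int) -> Optional[Dict]:
    """Object-level authorisation: the id in the URL is only honoured if it is the caller's own."""
    if requester_id != target_id:
        return None
    row = conn.execute("SELECT id, username FROM users WHERE id = ?", (target_id,)).fetchone()
    return {"id": row[0], "username": row[1]} if row else None


if __name__ == "__main__":
    db = build_db()
    print("login bypass attempt ->", login(db, '" or 1=1--', "admin"))
    print("comment-out attempt  ->", login(db, 'flag" --', "admin"))
    print("search f%            ->", search_users(db, "f%"))
    print("search a             ->", search_users(db, "a"))
    print("union in search      ->", search_users(db, '" UNION SELECT password FROM users -- '))
    print("user 2 reads user 1  ->", get_user_record(db, 2, 1))
    print("user 1 reads user 1  ->", get_user_record(db, 1, 1))
```

The same binding discipline covers the blind case: `flag " OR password LIKE "p%" -- -` is just a username that does not exist, so the response carries no information about any password. The authorization check is deliberately separate from the query; the database cannot know who is asking, so the comparison against the session's user id has to happen in application code before the lookup.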