《从0到1:CTFer的成长之道》1.3“任意文件读取漏洞”第3题2021-02-28 21:21:04

边学习边记录。首先推荐一篇介绍SSTI的好文章。按照官方指南,docker-compose下载并运行,访问本机5000商品,显示一个输入框。随便输入个123,显示N1 page页面,且123被输出了。在burpsuite中看一下,这是个post页面,其中的session是可以注入的,后面看到。点击article后,在bp中随便输入后,可以爆出路径。这个参数带有LFI漏洞。尝试不同输入,/proc/self/environ查看环境变量,爆出服务器路径为/home/sssssserver。Serve

作者:windy | 分类:Reading | 浏览:673 | 评论:0

HackMyVm Speed Walkthrough2021-02-18 23:25:57

Another interesting machine from HackMyVm, can be download here.Nmap scan ports, find 22,80,7080 and 8088.Port 80 is a service named "sar2html".Port 7080 is OpenLiteSpeed Control Panel.Port 8088 is a sample site of OpenLiteSpeed.Search the

作者:windy | 分类:HackMyVm | 浏览:841 | 评论:0

HackMyVm Talk Walkthrough2021-02-18 22:35:20

Easy one, can be download here.Following is a very simple walkthrough.Scan ports, find 22 and 80. Open Port 80, a chat service.Username has sql injection. So  burpsuite capture the post data, and use sqlmap to dump databases.(User temp is regist

作者:windy | 分类:HackMyVm | 浏览:871 | 评论:0

HackMyVm Orasi Walkthrough(SSTI, ELF analysis, APK analysis)2021-02-17 13:59:47

Machine can be download here.Nmap scan ports, 4 ports open.Anonymous login ftp, get a file named "url".Download "url", check filetype, a ELF file.Use "strings" cmd to check useful strings, get nothing but a hint.Check th

作者:windy | 分类:HackMyVm | 浏览:1952 | 评论:4

HackMyVm Gigachad Walkthrough2021-02-12 11:13:19

Happy Chinese New Year for all CTFers!Machines can be download here.Nmap scan ports.Login ftp as anonymous, get a file.Check file type, it's a zip. Unzip it, get a usrname "chad", and an png file.Check the image, a beautiful building.Fo

作者:windy | 分类:HackMyVm | 浏览:1872 | 评论:0

HackMyVm Hash Walkthrough(php magic hashes, .Xauthority)2021-02-08 08:06:39

Very interesting machine from HackMyVm, can be download here.Nmap scan ports.Check source code of index.html.Add ".bak" to the extension and scan files of port 80.Download check.bak and check source code.<?php // Login part.

作者:windy | 分类:HackMyVm | 浏览:1199 | 评论:0

HackMyVm Emma Walkthrough2021-02-07 09:14:59

Machine can be download here.Nmap scan ports.Scan folders and files at port 80.Check robots.txt.Check php version.Google find CVE exploit.Use pwn code from https://github.com/neex/phuip-fpizdam.Get reverse shell.Check ports.Login mysql as user root&n

作者:windy | 分类:HackMyVm | 浏览:837 | 评论:0

HackMyVm CelebritySoup Walkthrough2021-02-04 13:54:48

Machine can be download here.nmap -p- -sC -sV --open -oN ports.log 192.168.56.57gobuster dir -u http://192.168.56.57 -t 50 -x .php,.html,.txt -w /usr/share/dirbuster/word

作者:windy | 分类:HackMyVm | 浏览:976 | 评论:0

HackMyVm Brain Walkthrough (LFI)2021-02-02 08:40:56

Machine can be download here.Nmap scan ports.Brutefoce port 80.Go on bruteforce in /brainstorm.wfuzz -w /usr/share/wfuzz/wordlist/general/common.txt --hh 0  'http://192.168.56.54/brainstorm/file.php?FUZZ=/etc/passwd&

作者:windy | 分类:HackMyVm | 浏览:1118 | 评论:0

HackMyVm Insomnia Walkthrough (RCE)2021-02-01 21:26:54

Machines can be download here.Nmap scan ports.Gobuster scan files and folders.Visit main page, get chat window.Visit chat.txt, chat history is here.Visit administration.php, get error.There should be some parameter for administration.php.wfuzz -

作者:windy | 分类:HackMyVm | 浏览:1346 | 评论:0

<< 1 >>
«    2021年2月    »
1234567
891011121314
15161718192021
22232425262728
网站分类
搜索
最新留言
文章归档
网站收藏
  • 订阅本站的 RSS 2.0 新闻聚合

Powered By Z-BlogPHP 1.7.3