Explore >> Select a destination
|
You are here 
|
www.mh4ckt3mh4ckt1c4s.xyz | ||
| | | | |
blog.ikuamike.io
|
|
| | | | | Summary As the name suggests this box had a instance of gitlab where the initial foothold involves getting credentials from obfuscated javascript and once logged into the gitlab instance we abuse webhooks to add our own code and execute it to get a reverse shell. Read on to see how I able to root the box. Enumeration As usual I start with a quick nmap scan to find open ports and then run a second scan for service and version detection. | |
| | | | |
zwischenzugs.com
|
|
| | | | | What is nmap? nmapis a network exploration tool and security / port scanner. If you've heard of it, and you're like me, you've most likely used it like this: nmap 127.0.0.1 ie, you've pointed it at an IP address and observed the output: Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-24 18:36 GMT Nmap... | |
| | | | |
www.justus.pw
|
|
| | | | | [AI summary] The user successfully gained access to a system by exploiting a Heartbleed vulnerability, decrypted an RSA key using a password obtained from memory, and then used that key to log in as the 'hype' user. After enumerating the system, they accessed a Tmux session to gain root access and retrieved the root flag. | |
| | | | |
prakhar.me
|
|
| | | My name is Prakhar Srivastav and I build stuff. I love programming, Python, Vim and ice tea, not necessarily in that order. | ||
