Explore >> Select a destination


You are here

blog.superautomation.co.uk
| | blog.ikuamike.io
9.2 parsecs away
| | Difficulty: Intermediate. Release Date: 29 Jul 2020. Author: v1n1v131r4. Summary: For this box, we perform a directory brute force on the web server to discover a vulnerable version of OpenEMR. OpenEMR here is vulnerable to SQL injection, which we leverage to extract usernames and password hashes. After cracking the hashes, we use the discovered credentials to access the FTP server and upload a PHP reverse shell to the web server. This serves as our initial entry.
| | blog.ikuamike.io
10.1 parsecs away
| | Summary: As the name suggests, this box had an instance of GitLab, where the initial foothold involves getting credentials from obfuscated JavaScript. Once logged into the GitLab instance, we abuse webhooks to add our own code and execute it to get a reverse shell. Read on to see how I was able to root the box. Enumeration: As usual, I start with a quick nmap scan to find open ports and then run a second scan for service and version detection.
| | blog.ikuamike.io
8.4 parsecs away
| | Difficulty: Intermediate. Release Date: 20 Aug 2019. Author: Zayotic. Summary: For this box, some directory brute forcing is needed to discover some PHP files. One of the PHP files has an LFI vulnerability but can only be accessed by authenticating to the other page. The login form can be bypassed, and we exploit the LFI. For that, we poison SSH logs to escalate to RCE. For privilege escalation, we exploit a Python web app running locally as root using insecure deserialization of the cookie by jsonpickle.
| | vsupalov.com
70.2 parsecs away
| Getting back into Django with a new project or after a break? Here's a collection of important parts with links and useful snippets to help you get up to speed faster.