Explore >> Select a destination
|
You are here 
|
highon.coffee | ||
| | | | |
eapolsniper.github.io
|
|
| | | | | ||
| | | | |
blog.ikuamike.io
|
|
| | | | | Difficulty Release Date Author Beginner 2 Mar 2020 Zayotic Summary In this box, we first perform ldap injection on the web application to bypass the login page. Then we are able to read local files by abusing a local file inclusion vulnerability with php base64 filter. From one of the php files we get ldap credentials that we used to authenticate to ldap and dump entries. From the entries we get a base64 encoded password that we could use to ssh into the machine. | |
| | | | |
blog.ikuamike.io
|
|
| | | | | Difficulty Release Date Author Intermediate 20 Aug 2019 Zayotic Summary For this box, some directory bruteforce is needed to discover some php files. One of the php files has an lfi vulnerability but can only be access by authenticating to the other page. The login form can be bypassed and we exploit the lfi. For that we poison ssh logs for exploitation to rce. For privilege escalation we exploit a python web app running locally as root using insecure deserialization of the cookie by jsonpickle. | |
| | | | |
www.welivesecurity.com
|
|
| | | ESET researchers have discovered a new campaign of the Winnti Group that deploys ShadowPad and Winnti malware to target universities in Hong Kong. | ||
