blog.superautomation.co.uk
| | blog.ikuamike.io
4.0 parsecs away

| | Difficulty: Intermediate; Release Date: 18 July 2019; Author: Zayotic. Summary: This box had a good number of misconfigurations and vulnerabilities. Initial access came from using a file copy vulnerability in ProFTPD to copy a shadow backup file to an SMB share that was accessible anonymously. Lateral movement and privilege escalation were then achieved by exploiting RCE in a locally running LibreNMS instance and finally abusing sudo permissions on mysql to get root.
| | blog.ikuamike.io
7.0 parsecs away

| | Difficulty: Intermediate; Release Date: 20 Aug 2019; Author: Zayotic. Summary: For this box, some directory bruteforce is needed to discover some PHP files. One of the PHP files has an LFI vulnerability but can only be accessed after authenticating to the other page. The login form can be bypassed, and we then exploit the LFI. To turn it into RCE we poison the SSH logs. For privilege escalation we exploit a Python web app running locally as root through insecure deserialization of the cookie by jsonpickle.
| | blog.ikuamike.io
8.3 parsecs away

| | Difficulty: Intermediate; Release Date: 7 Apr 2020; Author: Zayotic. Summary: In this box, we need to perform some directory bruteforce, then use the Shellshock vulnerability to get our first shell. We then sniff local traffic using tcpdump and get credentials for the next user, who has permission to write to the python2.7 lib directory. Using those write permissions we hijack a library that is imported by a script that root executes in a cron job.
| | www.ft.com
82.1 parsecs away

| New audiences for Suits and Ballers, but licensing costs may squeeze profits.