Windy's little blog

All the odds and ends of life, and I like CTF.

HackMyVm T800 Walkthrough (X11 forwarding through ssh, conky)

https://hackmyvm.eu/machines/machine.php?vm=T800

Very interesting machine; I had to spend a whole day learning how to do X11 forwarding and how to configure conky in order to solve it. Scan ports first. Scan port 80, at /index.html, found username "ruu

HackMyVm Eighty Walkthrough

https://hackmyvm.eu/machines/machine.php?vm=Eighty

Interesting machine, thanks sML@HackMyVm. Scan ports. Port 80 is unavailable right now. Port 70 is not HTTP but gopher (which I am not familiar with). We can use Firefox to visit port 70. Also, we can use "

HackMyVm Eyes Walkthrough

https://hackmyvm.eu/machines/machine.php?vm=Eyes

Scan ports. Log in to FTP as anonymous and get index.php. Check the source code of index.php; it has LFI.

<?php $file = $_GET['fil3']; if(isset($file)) { include($file); } else { pr

HackMyVm Superhuman Walkthrough

https://hackmyvm.eu/machines/machine.php?vm=Superhuman

Scan port 80 with a big dictionary.

┌──(kali㉿mykali)-[~/Documents/superhuman]
└─$ gobuster dir -u http://192.168.56.95  -t 50  -w /usr/share/dirbuster/word

HackMyVm Zday Walkthrough

https://hackmyvm.eu/machines/machine.php?vm=Zday

Scan ports; a lot are open. Check port 80 first; it's a default Apache page. Scan files and folders. Open /fog; it's the login panel of the FOG Project. Google the default credentials and log in. At "

HackMyVm Crossroads Walkthrough

The machine can be downloaded here. Nmap scan ports; 80, 139 and 445 are open. Port 80 is a static index.html, with nothing interesting. Gobuster scan of port 80 gets us robots.txt and note.txt, but nothing useful either. Move to SMB. Smbclient with no usernam

HackMyVm Satori Walkthrough

The machine can be downloaded here. Nmap scan ports. Three ports are open: 21, 22 and 80. Log in to FTP as anonymous and find an mkv file of no use. Scan port 80, find index.html and stream.php. Open index.html; it looks like a YouTube downloader. Check source code of index.html,

HackMyVm Driftingblues5 Walkthrough

A not so easy machine made by tasiyanci; it can be downloaded here. Thanks tasiyanci for the hints. Nmap scan ports, 22 and 80. Open port 80; it's a WordPress site. Wpscan the site, found some usernames, but no vulnerable plugins.

wpscan --url ht

HackMyVm Speed Walkthrough

Another interesting machine from HackMyVm; it can be downloaded here. Nmap scan ports, find 22, 80, 7080 and 8088. Port 80 is a service named "sar2html". Port 7080 is the OpenLiteSpeed Control Panel. Port 8088 is a sample site of OpenLiteSpeed. Search the

HackMyVm Talk Walkthrough

An easy one; it can be downloaded here. The following is a very simple walkthrough. Scan ports, find 22 and 80. Open port 80, a chat service. The username has SQL injection, so capture the POST data with Burp Suite and use sqlmap to dump the databases. (User temp is regist