HackMyVm Crossroads Walkthrough2021-03-05 22:43:07
Machine can be download here.Nmap scan ports, 80,139 and 445 are open.Port 80 is a static index.html, with nothing interesting. Gobuster scan port 80, we get robots.txt and note.txt, but nothing useful too.Move to smb. Smbclient with no usernam
HackMyVm Satori Walkthrough2021-03-05 20:41:52
Machine can be download here.Nmap scan ports. 21,22,80 three ports open.Ftp login as anonymous, find a mkv file with no use.Scan port 80, find index.html and stream.php.Open index.html, looks like a youtube downloader.Check source code of index.html,
HackMyVm Driftingblues5 Walkthrough2021-03-01 23:44:53
A not so easy machine made by tasiyanci, can be download here.Thanks tasiyanci for the hints.Nmap scan ports, 22 and 80.Open port 80, it's a wordpress site.Wpscan the site, found some usernames, but no vulnerable plugins.wpscan --url ht
HackMyVm Speed Walkthrough2021-02-18 23:25:57
Another interesting machine from HackMyVm, can be download here.Nmap scan ports, find 22,80,7080 and 8088.Port 80 is a service named "sar2html".Port 7080 is OpenLiteSpeed Control Panel.Port 8088 is a sample site of OpenLiteSpeed.Search the
HackMyVm Talk Walkthrough2021-02-18 22:35:20
Easy one, can be download here.Following is a very simple walkthrough.Scan ports, find 22 and 80. Open Port 80, a chat service.Username has sql injection. So burpsuite capture the post data, and use sqlmap to dump databases.(User temp is regist
HackMyVm Orasi Walkthrough(SSTI, ELF analysis, APK analysis)2021-02-17 13:59:47
Machine can be download here.Nmap scan ports, 4 ports open.Anonymous login ftp, get a file named "url".Download "url", check filetype, a ELF file.Use "strings" cmd to check useful strings, get nothing but a hint.Check th
HackMyVm Gigachad Walkthrough2021-02-12 11:13:19
Happy Chinese New Year for all CTFers!Machines can be download here.Nmap scan ports.Login ftp as anonymous, get a file.Check file type, it's a zip. Unzip it, get a usrname "chad", and an png file.Check the image, a beautiful building.Fo
HackMyVm Hash Walkthrough(php magic hashes, .Xauthority)2021-02-08 08:06:39
Very interesting machine from HackMyVm, can be download here.Nmap scan ports.Check source code of index.html.Add ".bak" to the extension and scan files of port 80.Download check.bak and check source code.<?php
// Login part.
HackMyVm Emma Walkthrough2021-02-07 09:14:59
Machine can be download here.Nmap scan ports.Scan folders and files at port 80.Check robots.txt.Check php version.Google find CVE exploit.Use pwn code from https://github.com/neex/phuip-fpizdam.Get reverse shell.Check ports.Login mysql as user root&n
HackMyVm CelebritySoup Walkthrough2021-02-04 13:54:48
Machine can be download here.nmap -p- -sC -sV --open -oN ports.log 192.168.56.57gobuster dir -u http://192.168.56.57 -t 50 -x .php,.html,.txt -w /usr/share/dirbuster/word
- 搜索
- 最新留言
-
- 大哥牛,前面轻轻松松后面死活拿不到rootshell。这反编译看懵逼了
- 老哥,我想看samrasa的
- 老哥你好,在你写的书.net加密与解密中看到有#-流相关的, 让读者需要详细了解可查, 但是最近一直查不到详细文档, 只在github的dnlib等代码能看到些逻辑, 但是不系统. 想来书中既然说需要详细了解可自己查,应该是有些方法的, 能否请简单说几个搜索关键词,谢谢 (我查过 uncompress stream , enc 等,结果都很简单)
- 好滴 多谢
- 你在hackmyvm里找个栏目嚷一嗓子,或者搜索Darkmatter已经拿到root的随便谁都可以问。这个vm中间有一个地方没法过,基本上都是作者告知密码才过的。
- 你的discord的username和tag是多少呀?多谢
- 过程太曲折,不准备写了,可在discord联系
- 老哥,有空hackmyvm的darkmatter写个writeup呗。多谢。
- 当前用户必须是kori,然后用sodu cp把apk文件从irida/里面复制出来,再下载。这个机器我已经删除了,所以很多细节想不起来。你可以在discord频道里问问其他人。
- 提示权限不够 用python3 -m http.server,然后wget也是提示权限不够
- 文章归档
Powered By Z-BlogPHP 1.7.2