Windy's little blog

一切生活中的杂七杂八, and I like CTF.

HackMyVm Narcos Walkthrough

Another very interesting VM from HackMyVm, can be download here.Nmap scan ports.At port 80, there is a static html page.  Bruteforce the folders and files.There is a squirrelmail site, but we can not login now.After stuck here for some time, we

HackMyVm Adroit Walkthrough (very tricky)

Machines can be download here.Nmap scan ports first.Start from 21 port. Log in ftp as anonymous user, and download all the three files.Here's note.txt.Check the structure.PNG, which show us the working theory of the jar program. That means we can

HackMyVm Attack Walkthrough (very interesting!)

A very interesting CTF VM from HackMyVm, can be download here.nmap ports scan.At 80 port, index.html has useful message.Wireshark capture file has extension: pacp. Add it to the folder/file brutefore options.gobuster dir -u http://192.

HackMyVm靶机Hacked的Walkthrough(tmux socket)

靶机下载地址是:https://hackmyvm.eu/machines/machine.php?vm=Hacked。简略叙述过程。加载后扫描目录,只有robots.txt文件。加载后提示有个secretnote.txt文件。根据提示,有webshell。但是一般的字典扫不到,需要在SecList里找到和后门有关的字典,可以找到simple-backdoor.php。curl加载测试,提示参数被修改了,且会马上跳转回主页。burpsuite抓包后,对get的参数进行FUZZ,得到正确的参数名称。

HackMyVm Soul Walkthrough.(ngnix bad config, privilege escalation through agetty)

(英语写几篇,便于国际友人搜索浏览。都是简单句,国内的同学看着应该也不太费劲。)A very tricky VM, level is hard, can be download here.First, use nmap to scan ports.Gobuser to bruteforce folders and files at port 80, found nothing.There's only one image at index.html.Download and extrac

HackMyVm靶机UnbakedPie的Walkthrough(python反序列化,内网渗透)

    第一次搞序列化漏洞,边学边记录,参考了多篇网上资料和walkthrough。靶机下载地址是ttps://hackmyvm.eu/machines/machine.php?vm=UnbakedPie,之前这好像也是TryHackMe的靶机,难度评级是hard。加载运行后扫描端口,注意要加-Pn,只开了一个5003。    打开后是一个博客的页面,都是一些没什么用的内容,点击登录按钮,测试一些常见的用户名和密码,未果。 &

HackMyVm靶机Icarus的Walkthrough(批量读取网页,LD_PRELOAD漏洞)

    (靶机概要:编写简单的脚本批量读取网页,获得ssh的key,LD_PRELOAD漏洞的利用。)     靶机下载地址是https://hackmyvm.eu/machines/machine.php?vm=Icarus。    VirtualBox加载运行后扫描端口,开了22和80。     打开网页,就是一个登录页面,要求输入用户名和密码。先扫一下目录,发现

HackMyVm靶机Winter的Walkthrough(vhost enum,RCE, LFI)

    (靶机概要:vhost扫描,远程命令执行漏洞的利用,利用本地文件包含得到shell)    靶机下载地址https://hackmyvm.eu/machines/machine.php?vm=Winter。    加载运行后,扫描端口,发现开了22和80。        打开主页就是一个静态网页。扫描目录后发现许多文件。 &nbs

HackMyVm靶机Echoed的Walkthrough(bypass special char filtering, bash cmd injection)

    (靶机概要:这个靶机卡了两天,但是想到方法后其实很简单。主要是特殊字符过滤的情况下实现命令注入。)      靶机的下载地址是https://hackmyvm.eu/machines/machine.php?vm=Echoed。      运行后扫描,开了三个端口。         

HackMyVm靶机Driftingblues3的Walkthrough(LFI,命令执行路径)

    (靶机概要:LFI,命令注入到log文件中,找到敏感权限文件,通过更改$PATH进行提权)    靶机下载地址https://hackmyvm.eu/machines/machine.php?vm=Driftingblues3。    加载后扫描,只开了22和80端口。        在80端口进行扫描,发现许多目录,看着都是敏感目录,其
<< < 2 3 4 5 6 7 > >>

Powered By Z-BlogPHP 1.7.0