Windy's little blog

一切生活中的杂七杂八, and I like CTF.

Vulnhub Wireless: 1 Walkthrough,669/Nmap scan ports.nmap -sV -p- -oN ports.log port 80, only index.html.Visit port 8000, look like a cms site. Take care the upper-left, there is a username "ji

Vulnhub shenron: 2 Walkthrough,677/Scan ports.Scan port 80, nothing useful.Scan 8080, looks like a wordpress site.Check source code of index.php, in order to make wordpress works,  need to add http://shenron to /etc/hosts. Wpscan found

Vulnhub hacksudo: aliens Walkthrough,676/Scan ports.Scan port 80.In /backup/mysql.bak, found credentials.Log in phpmyadmin at port  9000 using this credentials. Create a shell php.SELECT "<?php system($_GET['c'

Vulnhub Bluemoon 2021 Walkthrough,679/Simple and straightforward one.Scan ports.Scan port 80, check hidden_text file.Decrypt the png to text,get username and password of ftp.Login ftp, download information.txt, find username robin, and a pa

Vulnhub hacksudo:3 Walkthrough,671/Scan port 80, find a lot php files. Most of them are rabbit holes.Get code injecting through fuzzing generator.php.Then we can upload a php shell, and  get reverse shell. In /var/www, find a file name

Vulnhub hacksudo:2 Walkthrough,667/Scan ports.Scan port 80.Info.php is phpinfo, file.php has LFI vunerability.Use pwn code to get a cmd shell. if the s

Vulnhub ColddWorld: Immersion Walkthrough,668/easy one.Scan port 80. Find a login page at /login.Check source code, find a hint. From the hint, we know username and maybe the page has LFI.Check LFI with burpsuite.Get carls.txt, decode base64

Vulnhub SecureCode:1 Walkthrough (An OSWE-like machine),651/Because there is POC code at the end of the blog, so the walkthrough will be simple.Scan ports, only find 80.Scan port 80, with extension .zip.Download, unzip it, and analyse the source c

Vulnhub XPTO System: 1 Walkthrough,635/Scan ports, 80 and 1337(ssh) are open.Nmap told us there is ".git" folder, then I use GitTools, but get nothing useful.We continue to scan port 80.Check source code of login.php, we notice the

Vulnhub Nasef Walkthrough,640/scan files at port 80.wget goodmat.txt, get a username and ssh key file.decrypt encrypted ssh key.log in ssh.find writable file.add new root account to /etc/passwd.root@nasef1:~# id;hostna
<< 1 2 3 > >>

Powered By Z-BlogPHP 1.7.0