Windy's little blog

All the odds and ends of everyday life, and I like CTF.

Vulnhub Wayne Manor: 1 Walkthrough

http://www.vulnhub.com/entry/wayne-manor-1,681/ Read GUIDELINES.txt in the unzipped files. GUIDELINES: Add '<ip> waynemanor.com' to the '/etc/hosts' file.

Vulnhub Wireless: 1 Walkthrough

https://www.vulnhub.com/entry/wireless-1,669/ Scan ports with Nmap.
nmap -sV -p- -oN ports.log 192.168.33.136
Scan port 80, only index.html. Visit port 8000, which looks like a CMS site. Note the upper-left corner, there is a username "ji

Vulnhub shenron: 2 Walkthrough

https://www.vulnhub.com/entry/shenron-2,677/ Scan ports. Scan port 80, nothing useful. Scan 8080, looks like a WordPress site. Check the source code of index.php; in order to make WordPress work, need to add http://shenron to /etc/hosts. Wpscan found

Vulnhub hacksudo: aliens Walkthrough

https://www.vulnhub.com/entry/hacksudo-aliens,676/ Scan ports. Scan port 80. In /backup/mysql.bak, found credentials. Log in to phpMyAdmin on port 9000 using these credentials. Create a shell php. SELECT "<?php system($_GET['c'

Vulnhub Bluemoon 2021 Walkthrough

https://www.vulnhub.com/entry/bluemoon-2021,679/ Simple and straightforward one. Scan ports. Scan port 80, check the hidden_text file. Decrypt the png to text, get the username and password of ftp. Log in to ftp, download information.txt, find username robin, and a pa

Vulnhub hacksudo:3 Walkthrough

https://www.vulnhub.com/entry/hacksudo-3,671/ Scan port 80, find a lot of PHP files. Most of them are rabbit holes. Get code injection through fuzzing generator.php. Then we can upload a PHP shell and get a reverse shell. In /var/www, find a file name

Vulnhub hacksudo:2 Walkthrough

https://www.vulnhub.com/entry/hacksudo-2-hackdudo,667/ Scan ports. Scan port 80. Info.php is phpinfo, file.php has an LFI vulnerability. Use pwn code to get a cmd shell. https://raw.githubusercontent.com/vulhub/vulhub/master/php/inclusion/exp.py Check if the s

Vulnhub ColddWorld: Immersion Walkthrough

https://www.vulnhub.com/entry/colddworld-immersion,668/ Easy one. Scan port 80. Find a login page at /login. Check the source code, find a hint. From the hint, we know the username and that the page may have LFI. Check LFI with Burp Suite. Get carls.txt, decode base64

Vulnhub SecureCode:1 Walkthrough (An OSWE-like machine)

https://www.vulnhub.com/entry/securecode-1,651/ Because there is POC code at the end of the blog, the walkthrough will be simple. Scan ports, only find 80. Scan port 80, with extension .zip. Download source_code.zip, unzip it, and analyse the source c

Vulnhub XPTO System: 1 Walkthrough

https://www.vulnhub.com/entry/xpto-system-1,635/ Scan ports, 80 and 1337 (ssh) are open. Nmap told us there is a ".git" folder, then I used GitTools, but got nothing useful. We continue to scan port 80. Check the source code of login.php, we notice the