HackMyVm Neobank Walkthrough (python requests, google authentication)2021-01-28 08:02:04
Medium level, machine can be download here.Nmap scan ports, only 5000 is open.Gobuster scan folders and files with medium dic.gobuster dir -u http://192.168.56.48:5000 -t 50 -x .php,.html,.txt -w /usr/shar
HackMyVm Locker Walkthrough (privilege escalation through sulogin)2021-01-25 14:44:50
Machines can be download here. Easy but also interesting one.Nmap scan ports, only 80 is open.Open main page, very simple.Check source code, found locker.php.Click "Model 1", then redirect to locker.php and display a picture.Obviously, the
HackMyVm Tornado Walkthrough2021-01-19 13:02:39
(Tips:LFI through alias, SQL Trunction Attack, Blind RCE, NPM to shell,Caesar Cipher)Very interesting and hard (in my opnion) VM. Can be download here. It's my first time playing a machine with lots of new stuff, so I write this walkthrough for l
HackMyVm Narcos Walkthrough2021-01-18 10:55:22
Another very interesting VM from HackMyVm, can be download here.Nmap scan ports.At port 80, there is a static html page. Bruteforce the folders and files.There is a squirrelmail site, but we can not login now.After stuck here for some time, we
HackMyVm Adroit Walkthrough (very tricky)2021-01-17 19:20:52
Machines can be download here.Nmap scan ports first.Start from 21 port. Log in ftp as anonymous user, and download all the three files.Here's note.txt.Check the structure.PNG, which show us the working theory of the jar program. That means we can
HackMyVm Attack Walkthrough (very interesting!)2021-01-16 17:43:43
A very interesting CTF VM from HackMyVm, can be download here.nmap ports scan.At 80 port, index.html has useful message.Wireshark capture file has extension: pacp. Add it to the folder/file brutefore options.gobuster dir -u http://192.
HackMyVm靶机Hacked的Walkthrough(tmux socket)2021-01-13 13:27:46
靶机下载地址是:https://hackmyvm.eu/machines/machine.php?vm=Hacked。简略叙述过程。加载后扫描目录,只有robots.txt文件。加载后提示有个secretnote.txt文件。根据提示,有webshell。但是一般的字典扫不到,需要在SecList里找到和后门有关的字典,可以找到simple-backdoor.php。curl加载测试,提示参数被修改了,且会马上跳转回主页。burpsuite抓包后,对get的参数进行FUZZ,得到正确的参数名称。
HackMyVm Soul Walkthrough.(ngnix bad config, privilege escalation through agetty)2021-01-13 11:25:37
(英语写几篇,便于国际友人搜索浏览。都是简单句,国内的同学看着应该也不太费劲。)A very tricky VM, level is hard, can be download here.First, use nmap to scan ports.Gobuser to bruteforce folders and files at port 80, found nothing.There's only one image at index.html.Download and extrac
Pickle漏洞利用在python2和python3里有时不通用。2021-01-12 23:21:37
今天在玩HackMyVm的靶机Pickle的时候,遇到了这个问题,python3下pickle.dumps生成的payload代码,在靶机上总是显示进行md5 hash时,ascii编码出错。md5_encode = hashlib.md5(request.form["story"]).hexdigest()\nUnicodeEncodeError: 'ascii' codec can't e
HackMyVm靶机UnbakedPie的Walkthrough(python反序列化,内网渗透)2021-01-11 20:32:47
第一次搞序列化漏洞,边学边记录,参考了多篇网上资料和walkthrough。靶机下载地址是ttps://hackmyvm.eu/machines/machine.php?vm=UnbakedPie,之前这好像也是TryHackMe的靶机,难度评级是hard。加载运行后扫描端口,注意要加-Pn,只开了一个5003。 打开后是一个博客的页面,都是一些没什么用的内容,点击登录按钮,测试一些常见的用户名和密码,未果。 &
- 搜索
- 最新留言
-
- 大哥牛,前面轻轻松松后面死活拿不到rootshell。这反编译看懵逼了
- 老哥,我想看samrasa的
- 老哥你好,在你写的书.net加密与解密中看到有#-流相关的, 让读者需要详细了解可查, 但是最近一直查不到详细文档, 只在github的dnlib等代码能看到些逻辑, 但是不系统. 想来书中既然说需要详细了解可自己查,应该是有些方法的, 能否请简单说几个搜索关键词,谢谢 (我查过 uncompress stream , enc 等,结果都很简单)
- 好滴 多谢
- 你在hackmyvm里找个栏目嚷一嗓子,或者搜索Darkmatter已经拿到root的随便谁都可以问。这个vm中间有一个地方没法过,基本上都是作者告知密码才过的。
- 你的discord的username和tag是多少呀?多谢
- 过程太曲折,不准备写了,可在discord联系
- 老哥,有空hackmyvm的darkmatter写个writeup呗。多谢。
- 当前用户必须是kori,然后用sodu cp把apk文件从irida/里面复制出来,再下载。这个机器我已经删除了,所以很多细节想不起来。你可以在discord频道里问问其他人。
- 提示权限不够 用python3 -m http.server,然后wget也是提示权限不够
- 文章归档
Powered By Z-BlogPHP 1.7.2