Windy's little blog

All the odds and ends of life, and I like CTF.

《从0到1:CTFer的成长之道》 (From 0 to 1: A CTFer's Path to Growth), Section 1.3 "Arbitrary File Read Vulnerabilities", Challenge 3

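Taking notes as I learn. First, I recommend a good article introducing SSTI. Following the official guide, download and run the challenge with docker-compose, then visit port 5000 on the local machine, which shows an input box. Enter something arbitrary such as 123; the N1 page is displayed and 123 is echoed back. Looking at it in Burp Suite, this is a POST page, and its session is injectable, as we will see later. After clicking article, entering arbitrary input in Burp reveals the path. This parameter has an LFI vulnerability. Trying different inputs, /proc/self/environ shows the environment variables and reveals the server path as /home/sssssserver. Serve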

HackMyVm Speed Walkthrough

Another interesting machine from HackMyVm, can be downloaded here. Nmap scan ports, find 22, 80, 7080 and 8088. Port 80 is a service named "sar2html". Port 7080 is the OpenLiteSpeed Control Panel. Port 8088 is a sample site of OpenLiteSpeed. Search the

HackMyVm Talk Walkthrough

Easy one, can be downloaded here. Following is a very simple walkthrough. Scan ports, find 22 and 80. Open port 80, a chat service. The username field has SQL injection, so capture the POST data with burpsuite and use sqlmap to dump the databases. (User temp is regist

HackMyVm Orasi Walkthrough(SSTI, ELF analysis, APK analysis)

Machine can be downloaded here. Nmap scan ports, 4 ports open. Anonymous login to ftp, get a file named "url". Download "url", check the file type, an ELF file. Use the "strings" cmd to check for useful strings, get nothing but a hint. Check th

HackMyVm Gigachad Walkthrough

Happy Chinese New Year to all CTFers! Machines can be downloaded here. Nmap scan ports. Log in to ftp as anonymous, get a file. Check the file type, it's a zip. Unzip it, get a username "chad" and a png file. Check the image, a beautiful building. Fo

HackMyVm Hash Walkthrough(php magic hashes, .Xauthority)

Very interesting machine from HackMyVm, can be downloaded here. Nmap scan ports. Check the source code of index.html. Add ".bak" to the extension and scan files on port 80. Download check.bak and check the source code. <?php // Login part.

HackMyVm Emma Walkthrough

Machine can be downloaded here. Nmap scan ports. Scan folders and files at port 80. Check robots.txt. Check the php version. Google to find the CVE exploit. Use pwn code from https://github.com/neex/phuip-fpizdam. Get reverse shell. Check ports. Log in to mysql as user root

HackMyVm CelebritySoup Walkthrough

Machine can be downloaded here.
nmap -p- -sC -sV --open -oN ports.log 192.168.56.57
gobuster dir -u http://192.168.56.57 -t 50 -x .php,.html,.txt -w /usr/share/dirbuster/word

HackMyVm Brain Walkthrough (LFI)

Machine can be downloaded here. Nmap scan ports. Bruteforce port 80. Go on bruteforcing in /brainstorm.
wfuzz -w /usr/share/wfuzz/wordlist/general/common.txt --hh 0 'http://192.168.56.54/brainstorm/file.php?FUZZ=/etc/passwd&

HackMyVm Insomnia Walkthrough (RCE)

Machines can be downloaded here. Nmap scan ports. Gobuster scan files and folders. Visit the main page, get a chat window. Visit chat.txt, the chat history is here. Visit administration.php, get an error. There should be some parameter for administration.php. wfuzz -