HackMyVm Emma Walkthrough2021-02-07 09:14:59
Machine can be download here.Nmap scan ports.Scan folders and files at port 80.Check robots.txt.Check php version.Google find CVE exploit.Use pwn code from https://github.com/neex/phuip-fpizdam.Get reverse shell.Check ports.Login mysql as user root&n
HackMyVm CelebritySoup Walkthrough2021-02-04 13:54:48
Machine can be download here.nmap -p- -sC -sV --open -oN ports.log 192.168.56.57gobuster dir -u http://192.168.56.57 -t 50 -x .php,.html,.txt -w /usr/share/dirbuster/word
HackMyVm Brain Walkthrough (LFI)2021-02-02 08:40:56
Machine can be download here.Nmap scan ports.Brutefoce port 80.Go on bruteforce in /brainstorm.wfuzz -w /usr/share/wfuzz/wordlist/general/common.txt --hh 0 'http://192.168.56.54/brainstorm/file.php?FUZZ=/etc/passwd&
HackMyVm Insomnia Walkthrough (RCE)2021-02-01 21:26:54
Machines can be download here.Nmap scan ports.Gobuster scan files and folders.Visit main page, get chat window.Visit chat.txt, chat history is here.Visit administration.php, get error.There should be some parameter for administration.php.wfuzz -
HackMyVm Neobank Walkthrough (python requests, google authentication)2021-01-28 08:02:04
Medium level, machine can be download here.Nmap scan ports, only 5000 is open.Gobuster scan folders and files with medium dic.gobuster dir -u http://192.168.56.48:5000 -t 50 -x .php,.html,.txt -w /usr/shar
HackMyVm Locker Walkthrough (privilege escalation through sulogin)2021-01-25 14:44:50
Machines can be download here. Easy but also interesting one.Nmap scan ports, only 80 is open.Open main page, very simple.Check source code, found locker.php.Click "Model 1", then redirect to locker.php and display a picture.Obviously, the
HackMyVm Tornado Walkthrough2021-01-19 13:02:39
(Tips:LFI through alias, SQL Trunction Attack, Blind RCE, NPM to shell,Caesar Cipher)Very interesting and hard (in my opnion) VM. Can be download here. It's my first time playing a machine with lots of new stuff, so I write this walkthrough for l
HackMyVm Narcos Walkthrough2021-01-18 10:55:22
Another very interesting VM from HackMyVm, can be download here.Nmap scan ports.At port 80, there is a static html page. Bruteforce the folders and files.There is a squirrelmail site, but we can not login now.After stuck here for some time, we
HackMyVm Adroit Walkthrough (very tricky)2021-01-17 19:20:52
Machines can be download here.Nmap scan ports first.Start from 21 port. Log in ftp as anonymous user, and download all the three files.Here's note.txt.Check the structure.PNG, which show us the working theory of the jar program. That means we can
HackMyVm Attack Walkthrough (very interesting!)2021-01-16 17:43:43
A very interesting CTF VM from HackMyVm, can be download here.nmap ports scan.At 80 port, index.html has useful message.Wireshark capture file has extension: pacp. Add it to the folder/file brutefore options.gobuster dir -u http://192.
- 搜索
- 最新留言
-
- 大哥牛,前面轻轻松松后面死活拿不到rootshell。这反编译看懵逼了
- 老哥,我想看samrasa的
- 老哥你好,在你写的书.net加密与解密中看到有#-流相关的, 让读者需要详细了解可查, 但是最近一直查不到详细文档, 只在github的dnlib等代码能看到些逻辑, 但是不系统. 想来书中既然说需要详细了解可自己查,应该是有些方法的, 能否请简单说几个搜索关键词,谢谢 (我查过 uncompress stream , enc 等,结果都很简单)
- 好滴 多谢
- 你在hackmyvm里找个栏目嚷一嗓子,或者搜索Darkmatter已经拿到root的随便谁都可以问。这个vm中间有一个地方没法过,基本上都是作者告知密码才过的。
- 你的discord的username和tag是多少呀?多谢
- 过程太曲折,不准备写了,可在discord联系
- 老哥,有空hackmyvm的darkmatter写个writeup呗。多谢。
- 当前用户必须是kori,然后用sodu cp把apk文件从irida/里面复制出来,再下载。这个机器我已经删除了,所以很多细节想不起来。你可以在discord频道里问问其他人。
- 提示权限不够 用python3 -m http.server,然后wget也是提示权限不够
- 文章归档
Powered By Z-BlogPHP 1.7.2