Windy's little blog

一切生活中的杂七杂八, and I like CTF.

Vulnhub hacksudo:3 Walkthrough,671/Scan port 80, find a lot php files. Most of them are rabbit holes.Get code injecting through fuzzing generator.php.Then we can upload a php shell, and  get reverse shell. In /var/www, find a file name

Vulnhub hacksudo:2 Walkthrough,667/Scan ports.Scan port 80.Info.php is phpinfo, file.php has LFI vunerability.Use pwn code to get a cmd shell. if the s

HackMyVm Superhuman Walkthrough port 80 with big dic.┌──(kali㉿mykali)-[~/Documents/superhuman] └─$ gobuster dir -u  -t 50  -w /usr/share/dirbuster/word

Vulnhub ColddWorld: Immersion Walkthrough,668/easy one.Scan port 80. Find a login page at /login.Check source code, find a hint. From the hint, we know username and maybe the page has LFI.Check LFI with burpsuite.Get carls.txt, decode base64

Vulnhub SecureCode:1 Walkthrough (An OSWE-like machine),651/Because there is POC code at the end of the blog, so the walkthrough will be simple.Scan ports, only find 80.Scan port 80, with extension .zip.Download, unzip it, and analyse the source c

Vulnhub XPTO System: 1 Walkthrough,635/Scan ports, 80 and 1337(ssh) are open.Nmap told us there is ".git" folder, then I use GitTools, but get nothing useful.We continue to scan port 80.Check source code of login.php, we notice the

使用kali linux的一些备忘录

以下基于kali linux 2020.41.安装discord在kali linux上安装discord会有依赖错误,其中有一个依赖需要按如下方法安装,kali linux自带仓库找不到。curl -p --insecure "" --out

Vulnhub Nasef Walkthrough,640/scan files at port 80.wget goodmat.txt, get a username and ssh key file.decrypt encrypted ssh key.log in ssh.find writable file.add new root account to /etc/passwd.root@nasef1:~# id;hostna

Vulnhub Gaara Walkthrough,629/Scan port 80, find Cryoserver.┌──(kali㉿mykali)-[~/Documents/gaara] └─$ curl | sed '/^$/d'   % Total    %&n

Vulnhub ICMP: 1 Walkthrough,633/Scan ports, find 22 and 80.┌──(kali㉿mykali)-[~/Documents/icmp] └─$ nmap -sV -sC -p-  -oN ports.log ... PORT   STATE SERVICE VER
<< < 1 2 3 4 5 6 7 > >>

Powered By Z-BlogPHP 1.7.0