Windy's little blog

All the odds and ends of life, and I like CTF.

Vulnhub hacksudo:3 Walkthrough

https://www.vulnhub.com/entry/hacksudo-3,671/
Scan port 80, find a lot of PHP files. Most of them are rabbit holes. Get code injection through fuzzing generator.php. Then we can upload a PHP shell and get a reverse shell. In /var/www, find a file name

Vulnhub hacksudo:2 Walkthrough

https://www.vulnhub.com/entry/hacksudo-2-hackdudo,667/
Scan ports. Scan port 80. Info.php is phpinfo, file.php has an LFI vulnerability. Use pwn code to get a cmd shell.
https://raw.githubusercontent.com/vulhub/vulhub/master/php/inclusion/exp.py
Check if the s

HackMyVm Superhuman Walkthrough

https://hackmyvm.eu/machines/machine.php?vm=Superhuman
Scan port 80 with a big dictionary.
┌──(kali㉿mykali)-[~/Documents/superhuman]
└─$ gobuster dir -u http://192.168.56.95  -t 50  -w /usr/share/dirbuster/word

Vulnhub ColddWorld: Immersion Walkthrough

https://www.vulnhub.com/entry/colddworld-immersion,668/
Easy one. Scan port 80. Find a login page at /login. Check the source code, find a hint. From the hint, we know the username and that the page may have LFI. Check LFI with Burp Suite. Get carls.txt, decode base64

Vulnhub SecureCode:1 Walkthrough (An OSWE-like machine)

https://www.vulnhub.com/entry/securecode-1,651/
Because there is POC code at the end of the blog, the walkthrough will be simple. Scan ports, only find 80. Scan port 80, with extension .zip. Download source_code.zip, unzip it, and analyse the source c

Vulnhub XPTO System: 1 Walkthrough

https://www.vulnhub.com/entry/xpto-system-1,635/
Scan ports, 80 and 1337 (ssh) are open. Nmap told us there is a ".git" folder, then I used GitTools, but got nothing useful. We continue to scan port 80. Check the source code of login.php, we notice the

Some notes on using Kali Linux

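The following is based on Kali Linux 2020.4.
1. Installing Discord
Installing Discord on Kali Linux produces dependency errors; one of the dependencies has to be installed as shown below, because it cannot be found in Kali Linux's own repositories.
curl -p --insecure "http://ftp.br.debian.org/debian/pool/main/liba/libappindicator/libappindicator1_0.4.92-8_amd64.deb" --out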

Vulnhub Nasef Walkthrough

https://www.vulnhub.com/entry/nasef1-locating-target,640/
Scan files at port 80. wget goodmat.txt, get a username and ssh key file. Decrypt encrypted ssh key. Log in ssh. Find writable file. Add new root account to /etc/passwd.
root@nasef1:~# id;hostna

Vulnhub Gaara Walkthrough

https://www.vulnhub.com/entry/gaara-1,629/
Scan port 80, find Cryoserver.
┌──(kali㉿mykali)-[~/Documents/gaara]
└─$ curl http://192.168.56.78/Cryoserver | sed '/^$/d'
  % Total    %

Vulnhub ICMP: 1 Walkthrough

https://www.vulnhub.com/entry/icmp-1,633/
Scan ports, find 22 and 80.
┌──(kali㉿mykali)-[~/Documents/icmp]
└─$ nmap -sV -sC -p- 192.168.56.81  -oN ports.log
...
PORT   STATE SERVICE VER