HackMyVm T800 Walkthrough (X11 forwarding through ssh, conky)2021-04-11 10:38:26
https://hackmyvm.eu/machines/machine.php?vm=T800Very interesting machine, I have to spend whole day learning how to doX11 forwarding and how to config conky, in order to solve it.Scan ports first.Scan port 80, at /index.html, found username "ruu
Vulnhub Bluemoon 2021 Walkthrough2021-04-09 10:24:40
https://www.vulnhub.com/entry/bluemoon-2021,679/Simple and straightforward one.Scan ports.Scan port 80, check hidden_text file.Decrypt the png to text,get username and password of ftp.Login ftp, download information.txt, find username robin, and a pa
HackMyVm Eighty Walkthrough2021-04-08 23:59:44
https://hackmyvm.eu/machines/machine.php?vm=EightyInteresting machine, thanks sML@HackMyVm.Scan ports.Port 80 is unavailable right now. Port 70 is not http, but gopher (which is not familiar).We can use firefox to visit port 70. Also, we can use &quo
HackMyVm Eyes Walkthrough2021-04-06 13:28:04
https://hackmyvm.eu/machines/machine.php?vm=EyesScan ports.Log in ftp as anonymous, and get index.php.Check the source code of index.php, has LFI.<?php
$file = $_GET['fil3'];
if(isset($file))
{
include($file);
}
else
{
pr
Vulnhub hacksudo:3 Walkthrough2021-04-05 23:37:22
https://www.vulnhub.com/entry/hacksudo-3,671/Scan port 80, find a lot php files. Most of them are rabbit holes.Get code injecting through fuzzing generator.php.Then we can upload a php shell, and get reverse shell. In /var/www, find a file name
Vulnhub hacksudo:2 Walkthrough2021-04-05 20:41:09
https://www.vulnhub.com/entry/hacksudo-2-hackdudo,667/Scan ports.Scan port 80.Info.php is phpinfo, file.php has LFI vunerability.Use pwn code to get a cmd shell.https://raw.githubusercontent.com/vulhub/vulhub/master/php/inclusion/exp.pyCheck if the s
HackMyVm Superhuman Walkthrough2021-04-05 15:01:50
https://hackmyvm.eu/machines/machine.php?vm=SuperhumanScan port 80 with big dic.┌──(kali㉿mykali)-[~/Documents/superhuman]
└─$ gobuster dir -u http://192.168.56.95 -t 50 -w /usr/share/dirbuster/word
Vulnhub ColddWorld: Immersion Walkthrough2021-04-01 15:48:08
https://www.vulnhub.com/entry/colddworld-immersion,668/easy one.Scan port 80. Find a login page at /login.Check source code, find a hint. From the hint, we know username and maybe the page has LFI.Check LFI with burpsuite.Get carls.txt, decode base64
Vulnhub SecureCode:1 Walkthrough (An OSWE-like machine)2021-03-21 23:30:29
https://www.vulnhub.com/entry/securecode-1,651/Because there is POC code at the end of the blog, so the walkthrough will be simple.Scan ports, only find 80.Scan port 80, with extension .zip.Download source_code.zip, unzip it, and analyse the source c
Vulnhub XPTO System: 1 Walkthrough2021-03-20 16:18:38
https://www.vulnhub.com/entry/xpto-system-1,635/Scan ports, 80 and 1337(ssh) are open.Nmap told us there is ".git" folder, then I use GitTools, but get nothing useful.We continue to scan port 80.Check source code of login.php, we notice the
- 搜索
- 最新留言
-
- 大哥牛,前面轻轻松松后面死活拿不到rootshell。这反编译看懵逼了
- 老哥,我想看samrasa的
- 老哥你好,在你写的书.net加密与解密中看到有#-流相关的, 让读者需要详细了解可查, 但是最近一直查不到详细文档, 只在github的dnlib等代码能看到些逻辑, 但是不系统. 想来书中既然说需要详细了解可自己查,应该是有些方法的, 能否请简单说几个搜索关键词,谢谢 (我查过 uncompress stream , enc 等,结果都很简单)
- 好滴 多谢
- 你在hackmyvm里找个栏目嚷一嗓子,或者搜索Darkmatter已经拿到root的随便谁都可以问。这个vm中间有一个地方没法过,基本上都是作者告知密码才过的。
- 你的discord的username和tag是多少呀?多谢
- 过程太曲折,不准备写了,可在discord联系
- 老哥,有空hackmyvm的darkmatter写个writeup呗。多谢。
- 当前用户必须是kori,然后用sodu cp把apk文件从irida/里面复制出来,再下载。这个机器我已经删除了,所以很多细节想不起来。你可以在discord频道里问问其他人。
- 提示权限不够 用python3 -m http.server,然后wget也是提示权限不够
- 文章归档
Powered By Z-BlogPHP 1.7.2