This post is a writeup about Pyexp machine from Vulnhub. You can check the machine from this link. Scan open ports The first thing that I always do is to scan open ports. nmap -sC -sV 192.168.11.142 -p- Here I check all ports of the target machine. I got the following result. I noticed that ssh is open in … Read More “Vulnhub: Pyexp machine easy writeup and explanation” »
Author: Sagahiko
Enumeration There is a web server. Add it to the hosts file and check the web page. There’s an upload page. Maybe I can do something here. I found out that when I click the preview button after inputting a URL, the value in bookurl becomes something like a UUID. It doesn’t do any interesting things further. I … Read More “OSCP series – Editorial write-up” »
nmap Add the domain name to the hosts file. Also, port 9091 is open. It is worth checking it. Enumeration When I accessed the web page, the home page looked like the image below. There’s nothing to see on the main page. I ran dirbuster to find directories. There’s one hit. User flag And I … Read More “OSCP series – Soccer writeup” »
nmap The nmap scan shows ports 22 and 55555 are open. I checked the web page. I found the version of request-baskets is 1.2.1 from the web page. I googled whether it has any vulnerabilities, then I found an SSRF vulnerability: CVE-2023-27163 Exploitation I downloaded a PoC of the vulnerability from this GitHub page. I proxied … Read More “OSCP series – Sau writeup” »
Nmap Ports 22, 80, and 3000 are open. Web pages Port 3000 is uncommon. Checked the page. The web page displays a message like JSON. This kind of thing is called GraphQL. I referred to the documentation to learn how to use it. I managed to find out the user credentials using the query below. … Read More “OSCP series – Help write-up” »
Which security scanning tool was utilized by the attacker to fingerprint the blog website? Check the access log file in /Logs/var/log/apache2 Which CVE was exploited by the attacker? CVE-2023-3460 What was the IP Address utilized by the attacker to exploit the CVE? 23.106.60.163 What is the name of the backdoor user added to the blog … Read More “Sherlock Ultimatum write-up” »