Category: Uncategorized
-
Shellshock to DirtyCOW to root
Alright! Another day, another box! Let’s hit it with nmap. Cool cool, nothing on HTTP but OpenSSH is an extremely old version. After a lot of effort, we decide to look at HTTP again. This is a lesson learned the hard way. Always scan major subdirectories, even if they themselves return 404. Okay, let’s try…
-
PHP string comparison bypass to PHP command injection to password cracking to sudo misconfigs
Alright, so, we’ve got another box to hack. Let’s scan it. Now, I don’t know what kip is, but I’m going to go ahead and press X to doubt. That makes a lot more sense. Let’s see if we can log in. We’re able to log in as anonymous and download index.php.bak… that will probably help later.…
-
Abusing HTTP proxies to connect to unsecured admin services
This is our first challenge. We’re presented with a target and run nmap against it. From this, we see that port 3128 is open, and that it’s usually running Squid proxy. Navigating to this port in a web browser confirms such. We don’t find any blatant/easy-to-exploit vulnerabilities in version 4.14 of Squid, so we decide…