Category:Information Security

  • MS17-010 remote overflow vulnerability – EternalBlue [CVE-2017-0143]

    Time:2020-1-24

    MS17-010 remote overflow vulnerability (EternalBlue). Time: 2019-12-25. By: Mirror Wang Yuyang. Advisories: MS17-010 CVE-2017-0143, MS17-010 CVE-2017-0144, MS17-010 CVE-2017-0145, MS17-010 CVE-2017-0146, MS17-010 CVE-2017-0148. Experimental preparation. Vulnerability principle: the MS17-010 vulnerability lies in the Windows SMBv1 kernel-mode function srv!SrvOs2FeaListToNt; while it handles the conversion of FEA (file extended attributes) there is a buffer overflow in the large non-paged kernel pool. In the function srv!SrvOs2FeaListToNt, the FEAList […]

  • Apache Log4j deserialization code execution (CVE-2019-17571) vulnerability analysis

    Time:2020-1-23

    Apache Log4j vulnerability analysis. This is only for studying the principle of the vulnerability; use for illegal purposes is forbidden, and the consequences are borne by yourself!!! CVE-2019-17571. Vulnerability description: Log4j is a Java-based open source logging tool from the Apache Software Foundation in the United States. Log4j version 1.2 contains […]

  • HA: Chakravyuh Vulnhub Walkthrough

    Time:2020-1-22

    Target link: https://www.vulnhub.com/entry/ha-chakravyuh,388/ Host detection scan. Port scan: ╰─ nmap -p- -sC -sV 10.10.202.131. FTP anonymous access: download the compressed file; a password is needed to decompress it. The basic routine has always been that a password is required, so next we need to find the decompression password. Directory enumeration: phpMyAdmin […]

  • Mumbai:1 Vulnhub Walkthrough

    Time:2020-1-21

    Target address: https://www.vulnhub.com/entry/mumbai-1,372/ Host detection. Host port scan. FTP: download the note file. TODO: Move these multiple HTTP Servers running to Docker. I hear containers make things inherently secure – maybe this will shut those security researchers up. Also, don’t forget to remove all those privilege escalation exploits from /tmp – we don’t want to rebuild […]

  • Happycorp:1 Vulnhub Walkthrough

    Time:2020-1-19

    Target link: https://www.vulnhub.com/entry/happycorp-1,296/ Network host scan. Host port scan. NFS file system; try mounting it: mount -t nfs 10.10.202.135:/home/karl /mnt. It reports no permission to open, so let’s leave that aside for a while and look at HTTP. Can admin.php in the admin backend upload a file and get a shell? Web pages collect user information: […]

  • djinn:1 Vulnhub Walkthrough

    Time:2020-1-18

    Target download link: https://download.vulnhub.com/djinn/djinn.ova Host port scan. FTP: found some file hints. Port 1337 is a game; go and have a look. Ha ha, it’s a bit difficult; let’s give up for now. Can we find anything on the 7331 HTTP server? Using dirb with dirsearch’s own dictionary, we didn’t find anything. […]

  • HA: Dhanush Vulnhub Walkthrough

    Time:2020-1-17

    Target download link: https://www.vulnhub.com/entry/ha-dhanush,396/ Host scan. Host port scan. HTTP directory crawling: no usable directory is found by crawling with dirb and dirsearch. We also see that the SSH port is open, so generate a wordlist by crawling the web page for brute-forcing: cewl http://10.10.202.147 -w dict.txt ╰─ hydra -L dict.txt 10.10.202.147 […]

  • Sunset: Dusk Vulnhub Walkthrough

    Time:2020-1-16

    Target link: https://www.vulnhub.com/entry/sunset-dusk,404/ Host IP scan. IP port scan: port 21, pyftpdlib version 1.5.5, vulnerability; port 25, Postfix, account enumeration; port 80, Apache httpd version 2.4.38, vulnerability, directory enumeration; port 3306, MySQL 5.5.5-10.3.18-MariaDB-0+deb10u1, vulnerability, brute-force cracking; port 8080, HTTP PHP CLI server version 5.5, vulnerability, directory enumeration. Port 80 HTTP directory enumeration: no result […]

  • Girlfriend:1 Vulnhub Walkthrough

    Time:2020-1-15

    Target link: https://www.vulnhub.com/entry/me-and-my-girlfriend-1,409/ Host scan. HTTP directory access reports no permission; right-click to view the source code, which hints at xxf. Normal access: register a user, log in, then view the user profile and traverse the IDs to enumerate user passwords: eweuhtandingan skuyatuh sedihaingmah cedihhihihi aingmaung qwerty!!! abdikasepak dorrrrr sundatea indONEsia alice 4lic3 pentest pentest By paying attention to log in to […]

  • Sunset-Sunrise: Vulnhub Walkthrough

    Time:2020-1-14

    Target link: https://www.vulnhub.com/entry/sunset-sunrise,406/ Host scan. Port scan. HTTP 80: directory enumeration failed. HTTP 8080: a Google search for "Weborf/0.12.2 exploit" leads to https://www.exploit-db.com/exploits/14925. Exploit: GET /..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd reads the file successfully; then we try to read some sensitive directories and files, and finally read the MySQL password: http://10.10.203.22:8080/..%2f..%2f..%2f..%2f..%2f..%2f..%2fhome%2fweborf%2f.mysql_history Try to log in to the […]

  • Avoid XSS attacks

    Time:2020-1-13

    How to deal with XSS attacks. Attack means of XSS: using JavaScript or the DOM to attack, XSS (script injection) is submitted and then displayed by the page, which breaks the normal structure of the page. It can also be used as a phishing site to steal the user’s information. For example, in a comment on the page, Alert […]

  • Zimbra

    Time:2020-1-12

    Step 1: read the configuration file with XXE. The CVE-2019-9670 vulnerability is exploited here to read the configuration file. You need to place a DTD file on your VPS server and make it accessible over HTTP. For the demonstration, I created a repository on GitHub so the DTD file is fetched from GitHub. In the figure above, […]