domingo, 27 de agosto de 2023

Remote VulNyx Writeup

ScanningWe scan the open ports with the nmap tool with scripts and software versions:EnumerationWe access to web server and we enumerate an Apache Debian default page:We use to gobuster tool with a dictionary large, we can see the wordpress directory on the server:We access the source code and see that...

sábado, 26 de agosto de 2023

Lesson Learned? TryHackMe Writeup

ScanningWe scan the open ports with the nmap tool, scripts and software versions:EnumerationWe access the website and we can see a authentication:We can testing with guessing password, but not working:We try with login Bypass techniques, we see a SQL Injection protection with "OR" characters, the...

martes, 22 de agosto de 2023

lunes, 29 de mayo de 2023

Jorani v.1.0.0 - SQL Injection (CVE-2023-2681)

Introduction CVE-ID: CVE-2023-2681 Vulnerability Type: SQL Injection Affected Product Code Base: Jorani v.1.0.0 (or before to v1.0.0) Affected Component: Affected source code the "id" parameter of the "/leaves/validate" section. Attack Type: Remote Impact: Extraction or alteration of information stored...

sábado, 27 de mayo de 2023

Valley TryHackMe Writeup

Scanning We scan the open ports with the nmap tool with scripts and software versions. nmap -p22,80,37370 10.10.140.77 -sVC -oN nmap.txt Starting Nmap 7.93 ( https://nmap.org ) at 2023-05-27 10:32 CEST Nmap scan report for 10.10.140.77 Host is up (0.049s latency). PORT STATE SERVICE VERSION 22/tcp...

sábado, 20 de mayo de 2023

Weasel TryHackMe Writeup

Scanning We scan the open ports with the nmap tool with scripts and software versions. > nmap -sVC 10.10.81.101 Starting Nmap 7.93 ( https://nmap.org ) at 2023-05-20 10:57 CEST Nmap scan report for 10.10.81.101 Host is up (0.050s latency). Not shown: 994 closed tcp ports (conn-refused) PORT ...

domingo, 14 de mayo de 2023

Prioritise TryHackMe Writeup

Scanning We scan the open ports with the nmap tool with scripts and software versions. > nmap -sVC -p- --min-rate 5000 prioritise.thm -Pn -n -oN nmap-prioritise.thm Starting Nmap 7.93 ( https://nmap.org ) at 2023-05-14 21:15 CEST WARNING: Service 10.10.247.170:80 had already soft-matched rtsp, but...