[HTB]Buff(cms webshell,Bof)

DisclaimersThe host penetrated by this article is legally authorized. The tools and methods used in this article are limited to learning and communication. Please do not use the tools and infiltration ideas used in this article for any illegal purpose. I will not bear any responsibility for all the consequences, nor be responsible for any misus ...

Posted on Fri, 03 Dec 2021 10:48:10 -0500 by gufmn

[HTB] Antique (SNMP information disclosure, read from any file of lpadmin user group)

DisclaimersThe host penetrated by this article is legally authorized. The tools and methods used in this article are limited to learning and communication. Please do not use the tools and infiltration ideas used in this article for any illegal purpose. I will not bear any responsibility for all the consequences, nor be responsible for any misus ...

Posted on Wed, 01 Dec 2021 15:51:02 -0500 by ldougherty

[Tryhackme] Brainpan 1 (buffer overflow vulnerability, sudo authorization: custom command)

DisclaimersThe host penetrated by this article is legally authorized. The tools and methods used in this article are limited to learning and communication. Please do not use the tools and infiltration ideas used in this article for any illegal purpose. I will not bear any responsibility for all the consequences, nor be responsible for any misus ...

Posted on Thu, 25 Nov 2021 17:53:26 -0500 by dionyssos

[Introduction to IOV Security]2. Common ADB commands for Android security

Welcome new students ... ... If a man has no name, he can concentrate on sword practice I am not a salty fish, but a dead one! 0x01 ADB command (primary) View active information for the current application adb shell dumpsys activity top # Print out the four components that run all applications in the system adb shell dumpsys >> in ...

Posted on Sat, 20 Nov 2021 22:26:05 -0500 by tazgalsinh

Complete analysis of Boolean blind injection of SQL injection

Injection principle Boolean blind annotation is applicable when there is no echo during injection. The principle is that the application system makes Boolean judgment when querying according to the where+and statement, that is, the result is true or false, for example, select * from admin where id=1 and 1=1. In general, the application sys ...

Posted on Sat, 06 Nov 2021 00:49:00 -0400 by slak

Getting started with basics - packet expansion

Getting started with basics - packet expansion Website resolution correspondence briefly Website construction process Attack level involved Source code, build platform, system, network layer, etc Safety issues involved Directory, sensitive file, weak password, IP and domain name, etc HTTP/S packet Browser direct access to server Re ...

Posted on Mon, 01 Nov 2021 05:30:12 -0400 by neo926

One file upload, two sites!

catalogue Site 1: file upload Site 2: file upload If the article is helpful to you, you are welcome to pay attention, like and collect. One click three links support the following Oh! If you want to communicate and learn together, you can add zkaq222 (note CSDN, but you can't pass it) to learn and make progress together Site 1: file ...

Posted on Mon, 25 Oct 2021 22:50:08 -0400 by tnan

Intranet Penetration - Information Collection

Manual Information Collection Reference resources: Intranet penetration test: Intranet information collection, upload and download Basic Commands whoami: Who am I? systeminfo: Get basic information about the system ipconfig /all: Get network information View user information Guess the Naming Rule of Network Host net user // ...

Posted on Sat, 09 Oct 2021 13:35:29 -0400 by TwistedLogix

Penetration learning of DC-3 target

11  1, Environmental matching of target aircraft Attack aircraft (KALI): 192.168.226.128 Target (DC-1):   192.168.226.129 (unknown) Target address: DC: 3.2 ~ VulnHub 2, Pre war preparation two point one   IP address confirmation Command: ARP scan - L   Scan all LAN devices (IP, MAC address and manufacturer information of ...

Posted on Fri, 01 Oct 2021 15:09:41 -0400 by Tr4mpldUndrfooT

[PHP code audit] XSS vulnerability

Welcome new students ... ... If you are nameless, you can concentrate on practicing sword I am not a salted fish, but a dead fish! preface XSS vulnerability is one of the most common vulnerabilities in Web applications. Most sites of small companies on the Internet may not have fixed methods to prevent XSS vulnerabilities, so XSS vulner ...

Posted on Wed, 29 Sep 2021 20:41:45 -0400 by depsipher