Posts

Showing posts from August, 2020

Raven 2 Ctf walkthrough

In this article we will see a walkthrough of the Raven: 2 virtual machine.

Raven2: Details

Download Raven2: https://www.vulnhub.com/entry/raven-2,269/

VM Description: Raven 2 is an intermediate level boot2root VM. There are four flags to capture. After multiple breaches, Raven Security has taken extra steps to harden their web server to prevent hackers from getting in. Can you still breach Raven?

Penetration Methodology:

- Network scanning: arp-scan and nmap.
- Directory brute-force (dirbuster).
- Exploiting RCE in PHP version < 5.2.18 on Exploit-db.
- Reading the database password from the wp-config file.
- Searchsploit for MySQL.
- Exploiting the UDF file dynamic library vulnerability for MySQL using Exploit-db.
- MySQL database.
- Privilege escalation.
- Getting root access.

Let's try to find the IP of this machine using arp-scan or netdiscover. Below, we can see our results: th...

Hackademic Challenge 6 -10

Link: http://hackademic.teilar.gr/index.html

Challenge 6:

What to do: In this assignment you must prove your... knightly skills! Real knights have not disappeared. They still exist, keeping their secrets well hidden. Your mission is to infiltrate their SITE. There is a small problem, however... We don't know the password! Perhaps you could find it?

Sol: First we have to enter the website. Then I viewed the source code and found that part of it is encoded, so I copied the encoded part and pasted it into an online unescape encode/decode tool. Then I clicked the decode button. We got the decoded output, which I copied and pasted into the code writer. Then I went through the code. Later I found the getpassinfo column on the 128th line of the code. It is highlighted in the above image. Then I copied the password and entered it in the website. Then I clicked the check code. Then I got the congratulations message.

Challenge 7: What ...