Log4Shell Quick Lab Setup for Testing

Last month, On December 09 2021, The release of a Remote Code Execution POC over twitter involving exploitation of Apache’s log4j2 logging class took everyone’s peace away. The attack was pretty simple and the fact that it can be easily exploited by anyone is what made this more terrifying. The first edition of this attack

Advertisements

BugCrowd’s LevelupCTF 0x07 walkthrough

LevelupCTF is a seven flag CTF. It contains vulnerabilities from information disclosures to Remote Code execution. Each flag provides hints towards the next flag. The CTF consists of wide range of challenges which provides great learning as well. Below are the vulnerabilities and their impacts that I have found: Sensitive Data Exposure – P4 Broken

Advertisements
symfonos 5 walkthrough root

Symfonos 5: CTF Walkthrough

Symfonos 5 CTF is based on the web application exploit and ldap information gathering to get to the root. This is an easy CTF, but good learning cracking this CTF. The Stuff I have learned is to use ldpsearch and fpm during this CTF . Let’s start the walkthrough! I used Symfonos in a vmware.

Advertisements
Advertisements
Advertisements
Advertisements
Advertisements
overthewire

OVERTHEWIRE:BANDIT WALKTHROUGH SERIES 5-12 LEVELS

This article is continuation of the over the wire bandit series. In case you haven’t read that here it is¬†OVERTHEWIRE:BANDIT WALKTHROUGH SERIES 1-5 LEVELS. So let’s start with the level 6. I logged in level 6 with the credentials I gained in level 5. > level 5-6 ssh bandit5@bandit.labs.overthewire.org -p 2220 password: Level 4-5 password

%d bloggers like this: