OSCP-like machine for beginners

Earlier this week, I developed another machine at Try Hack Me. The machine is very OSCP-like and beginner friendly. You can find it here: https://tryhackme.com/jr/d3bugger

Getting a shell

A simple Nmap scan shows that there are a few ports open. However, all webserver ports except 8081…
wget
In March 2018, a new Drupal core vulnerability (later named Drupalgeddon2) was discovered and marked as Highly Critical by the Drupal team. The vulnerability affected versions < 8.3.9 / < 8.4.6 / < 8.5.1. This article covers how the vulnerability can be manually exploited using Burp Suite. Further details regarding…
A Local File Inclusion (LFI) vulnerability allows an attacker to read internal system files. In a worst-case scenario, it could lead to remote access. This post demonstrates how a remote attacker could achieve a reverse meterpreter shell by manually exploiting an LFI vulnerability. The demonstration is conducted by…