Domain penetration of three-layer network protection
Environment preparation
Network topology
The network topology is as follows:
Configure network card
Since the addresses of the virtual machines are hard-coded, changing them is likely to cause problems. Therefore, directly create two network cards, vm18 and vm19, and specify the following subnet addresses
For a web serve ...
Added by gdhanasekar on Fri, 07 Jan 2022 13:54:32 +0200
[HTB] Nest (samba penetration, file steganography)
Disclaimers
The host penetrated by this article is legally authorized. The tools and methods used in this article are limited to learning and communication. Please do not use the tools and infiltration ideas used in this article for any illegal purpose. I will not bear any responsibility for all the consequences, nor be responsible for any misus ...
Added by bruceg on Wed, 05 Jan 2022 13:36:09 +0200
[anluan penetration actual combat platform]
I. SQL injection
1. Numeric type
-1 union select 1,2,3 #
2. Character type
-1' union select 1,2,3 #
3. Search type
or%' order by 7#
or%' union select 1,database(),3,4,5,6,7#
or%' union select 1,group_concat(table_name),3,4,5,6,7 from information_schema.tables where table_schema=database() #
or%' union select 1,group_concat(column_nam ...
Added by Niccaman on Mon, 03 Jan 2022 08:37:51 +0200
Secondary injection of SQL injection
Contents
1. Principle
Secondary injection process
2. Experimental process
(1) View initial users table
(2) Register a user
(3) Modify user password
3. Cause
Specific code
4. Defensive measures
1. Principle
Secondary injection can be understood as the injection caused by the malicious data constructed by the attacker being st ...
Added by urgido on Thu, 30 Dec 2021 21:11:53 +0200
[HTB] Bastion(mount && guestmount, user cache data information disclosure)
Disclaimers
The host penetrated by this article is legally authorized. The tools and methods used in this article are limited to learning and communication. Please do not use the tools and infiltration ideas used in this article for any illegal purpose. I will not bear any responsibility for all the consequences, nor be responsible for any misus ...
Added by Risingstar on Sun, 26 Dec 2021 10:31:08 +0200
ATT&CK red team evaluation actual combat range-1 (the smallest in the whole network)
Statement: this series was first published on the official account "Xuan Xuan is safe"; please indicate the source when reprinting. The contents of this official account are only used for technical discussions among network fans. All penetration and use of tools require authorization, and illegal channels must not be used. Otherwise, the official account and author will not ...
Added by Seol on Sat, 25 Dec 2021 12:05:41 +0200
[HTB] Bounty (IIS7.5 parsing vulnerability, missing-patch privilege escalation: MS10-092)
Disclaimers
The host penetrated by this article is legally authorized. The tools and methods used in this article are limited to learning and communication. Please do not use the tools and infiltration ideas used in this article for any illegal purpose. I will not bear any responsibility for all the consequences, nor be responsible for any misus ...
Added by limao on Fri, 24 Dec 2021 11:11:25 +0200
Analysis of arbitrary file upload vulnerability of security vulnerability
Preface
The front-end arbitrary file upload vulnerability of X micro e-office has been public for some time, and there are many related exploitation scripts, even batch exploitation scripts. Here, we analyze this vulnerability point according to the system code and the POC.
Locate vulnerability points
Accor ...
Added by Absorbator on Wed, 22 Dec 2021 17:04:23 +0200
vulnhub DC9 range practice
Preface
The target for this exercise is the 9th and last machine in the DC series on the VulnHub platform. The download address is https://www.vulnhub.com/entry/dc-9,412/ . The ultimate goal of the challenge is to obtain root permission and then read the unique flag. The difficulty of this target is medium. The key point is to know the knockd ...
Added by rsassine on Wed, 15 Dec 2021 21:15:04 +0200
[HTB] Valentine
Disclaimers
The host penetrated by this article is legally authorized. The tools and methods used in this article are limited to learning and communication. Please do not use the tools and infiltration ideas used in this article for any illegal purpose. I will not bear any responsibility for all the consequences, nor be responsible for any misus ...
Added by A3aan on Tue, 14 Dec 2021 13:06:06 +0200