The Mirai machine is one of the retired machines running the Linux operating system. After detecting and exploiting the vulnerabilities in this machine, we are expected to obtain the user and root flags. Let’s get to know the target machine. Classic Scan. Full Port Scan. As a result of port scanning, we saw that “22/tcp ssh”, “53/tcp domain dnsmasq 2.76”, “80/tcp …
The Curling machine is a vulnerable retired machine running the Linux operating system. The user and root flag values are to be obtained using the vulnerabilities detected during enumeration. First, we perform a classic scan and full TCP and UDP port scans to get to know the machine. According to the scan result, we see that ports 80 and 22 are …
The Nibbles machine is a vulnerable machine running the Linux operating system, among the retired machines. We are expected to find these vulnerabilities and obtain the user and root flags. First, we check the services and ports running on the target machine. Classic Scan. Full Scan. As a result of the nmap scan, we see that ports 22 and …
The Postman machine is a retired machine running the Linux operating system. The services running on the target machine are checked. Classic Scan. Full TCP Scan. Full UDP Scan. In the full port scan, we see that the Redis service is running and that port 10000 is open, so we examine them in more detail. (Redis: -Remote Dictionary Service- It is …
The Irked machine is a machine running the Linux operating system, among the retired machines. We scan the target. Classic Scan. Full TCP Port Scan. Full UDP Scan. Here are the open ports, in order: 22/tcp open ssh, 80/tcp open http, 111/tcp open rpcbind, 6697/tcp open ircs-u, 8067/tcp open infi-async, 34900/tcp open unknown, 65534/tcp open unknown. Among these ports, what draws our …
The Writeup machine is a retired Linux operating system machine. By hacking this machine, we are asked for user and root flags.
General Machine Information:
It contains a CMS with a SQL injection vulnerability that is used to obtain a user credential. The user is then found to be in a non-default group that grants write access. Through hijacking, privileges are escalated to root.
Machine solving
First, we scan for open ports and service versions to get to know the target machine.
The Networked machine is a retired machine running the Linux operating system. First, we try to get to know the target machine by performing network scanning. Classic Scan. Full TCP Port Scan. Full UDP Port Scan. As a result of scanning, we see that the SSH and HTTP ports are open. When the apache service runs from the http port, …
Fuzzing. Fuzzing is essentially a black-box testing technique that involves finding application bugs by automatically injecting malformed data. Because fuzzing does not know the algorithmic structure behind the application under test and relies on analyzing the effects and results that the submitted data produce in the application, it falls into the black-box category of application testing techniques. Fuzzing is sometimes also Fuzz Test …
I will walk through the solution of the Overpass room on TryHackMe. (What happens when a group of Computer Science students try to build a password manager? Obviously, a perfect commercial success! There is a hidden TryHackMe subscription code on this box. The first person to find and activate it will win a one-month free subscription! If you are already a subscriber, why not give the code to a friend? UPDATE: The code is now …
Web Application Firewall. What Is a WAF? A Web Application Firewall (WAF) is a technology deployed in systems that grow more complex every day; it detects anomalies arriving over web traffic and, within the framework of defined rules, blocks the malicious requests among incoming requests. To protect our web applications from malicious visitors, web site servers …






