OSWE - Blind SQL Injection without sqlmap
I am trying to figure out how to do SQL injection without sqlmap, since sqlmap is not allowed in the OSWE exam. Meanwhile, I am also working on Hacker101, so I chose one of its SQL injection problems to practice blind SQL injection. The problem I selected is Magical Image Gallery: http://35.227.24.107/355c1859dc Things are pretty easy at first. I use the python3 requests module and string.printable to enumerate database names and table names. The code is shown below:
import requests
import string
import ...
OSWE - ATMail XSS to RCE
Review Summary
1. Identify the web injection point with the provided tool. Get the cookie and set it through the following command in the browser console:
javascript:void(document.cookie="atmail6=1fp0fjq4aa8sm5if934b62ptv6");
2. Session Riding vs. Session Hijacking
3. Forge the request (the official tutorial uses sending an email as its example). To send an email through JS, we could use the following code:
var email = "attacker@offsec.local";
var subject = "hacked!";
var message = "This is a test emai ...
[HTB Walkthrough] Falafel (for OSWE practice)
The box Falafel (10.10.10.73) is good practice for OSWE, as suggested by one of the forum posts about OSWE preparation. I am working on this box at midnight and am really getting hungry because of the box name xD. Since I know it is a PHP type-juggling box, I won't really be doing a "blackbox" test, but will try to learn as much as possible during the whole process.
Reconnaissance
As usual, nmap the target first:
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0)
80/ ...
[Evennia Mud Dev 1] Back to the old-fashion engine!
To those who are interested in this project: I'm working on a full Chinese MUD game, as I believe I am not experienced and resourceful enough to develop an English-based MUD game (English is not my first language).
Back to Evennia! Recently I decided to set aside some spare time to start rewriting my own MUD game, still on the familiar evennia engine. After several version updates, the python3 version of evennia has officially been released, which makes writing a Chinese MUD much easier (utf-8 support). I will record the process of updating the evennia game, its major updates, and my thoughts in this blog series, hoping it will serve as a reference for my own future game development and coding.
Short-term goal: build a freely playable, text-based 梦幻西游 (Fantasy Westward Journey). Starting from 建邺城 (Jianye City), I want to recreate the "155" era, that is, the Fantasy Westward Journey of fifteen years ago. A MUD itself is ...
[HTB Walkthrough] Celestial 85 Nodejs (for OSWE practice)
(Practicing on HTB for the OSWE exam. After a quick search for Node.js boxes, I selected this one to try to understand more about JS coding.)
Scanning
As usual, nmap the target first. Key information is shown below:
PORT     STATE SERVICE VERSION
3000/tcp open  http    Node.js Express framework
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-title: Site doesn't have a title (text/html; charset=utf-8).
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org ...
OSWE - DNN Cookie Deserialization RCE
“This module will cover the in-depth analysis and exploitation of a deserialization remote code execution vulnerability in the DotNetNuke (DNN) platform through the use of maliciously crafted cookies. The primary focus of the module will be directed at the .Net deserialization process, and more specifically at the XMLSerializer class.”
General knowledge about XML
Follow the course material. Some good readings:
https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-Json-Attacks.p ...