HTB: Metatwo

Executive Summary: The purpose of this executive summary is to provide an overview of the security vulnerabilities identified in Metatwo, including the Booking Press plugin (version 1.0.10) and the WordPress core version 5.6.2. Additionally, the summary highlights the subsequent exploitation of these vulnerabilities, leading to unauthorized access and disclosure of sensitive information, including user credentials …

python – Merge PDF files

Introduction: I used to use PDFSam to merge PDF files when submitting my claims, which consist of many receipts and a claim application form, all in PDF format. However, since I know Python, an easier and free way to do PDF merging is to use the PyPDF2 module. Credits go to the PyPDF2 …

Deserialization of flask app and memcached

The Flask app caches the logon session in the memcached daemon; in Python, pickle is used to serialize and deserialize data. Serialization is the process of converting a Python object into a byte stream for transport over the network or for storing in a file. Deserialization is to convert …

Pentest report on Helpdesk

Executive Summary: Helpdesk is a Windows 2008 Standard server which hosts the ManageEngine ServiceDesk Plus (SDP) 7.6 web application. This ManageEngine SDP version suffers from multiple vulnerabilities, of which we used two exploits.
SQL injection - We are able to read proof.txt from C:\Users\Administrator\Desktop\
Arbitrary file upload - We uploaded a malicious reverse shell java war …

Pentest report on Nickel

Executive Summary: We are able to obtain the first success criterion (local.txt) and the second success criterion (proof.txt) due to simple crackable passwords for the username ariah. During the penetration testing we obtained two passwords related to the username ariah: one is for FTP/SSH login, the other is for the FileZilla FTP server administration login. …

Pentest report on livda

Executive summary: This section summarizes how I gained an initial foothold through to privilege escalation. The pentest of livda reveals a password disclosure flaw when doing a directory listing with the account admin on the FTP server; this is possible because zFtpserver has an easily guessed credential - admin:admin. By logging in to livda as admin …

linux – Grab the ipv4 address from interface

I have an active interface on eth0, by issuing ip a sh dev eth0 the information displays as below.

2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:97:69:0c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.232/24 brd 192.168.1.255 scope global dynamic noprefixroute eth0
       valid_lft 4857sec preferred_lft 4857sec
    inet6 fe80::20c:29ff:fe97:690c/64 scope link noprefixroute
       valid_lft forever …

service ports discover with nmap

Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-07 15:20 +08
Nmap scan report for 10.10.10.161
Host is up (0.0087s latency).
Not shown: 65511 closed ports
PORT     STATE SERVICE
53/tcp   open  domain
88/tcp   open  kerberos-sec
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap
445/tcp  open  microsoft-ds
464/tcp  open  kpasswd5
593/tcp  open  http-rpc-epmap
636/tcp  open  ldapssl
…