Deserialization of flask app and memcached

The flask app caches the logon session in the memcache daemon, in python pickle is used to serialize and deserialize data. Serialization is a process of converting the python's object into byte stream for transport over the network or convert the python object into byte stream for storing into a file. Deserialization is to convert … Continue reading Deserialization of flask app and memcached

Pentest report on Helpdesk

Executive Summary Helpdesk is a Windows 2008 Standard server which hosts ManageEngine ServiceDesk Plus (SDP) 7.6 web application, the ManageEngine SDP version suffers from multiple vulnerabilities, amongst multiple vulnerabilities we used two exploits. Sql injection - We are able to read proof.txt from C:\Users\Administrator\Desktop\Arbitrary file upload - We uploaded a malicious reverse shell java war … Continue reading Pentest report on Helpdesk

Pentest report on Nickel

Executive Summary We are able to obtain the first success criteria - local.txt and second success criteria (proof.txt) - due to simple crackable passwords of username - ariah. During the penetration testing we have obtained two passwords related to username - ariah, one is for ftp/ssh login the other is FileZilla FTP server administration login. … Continue reading Pentest report on Nickel

Pentest report on livda

Executive summary This section summarizes on how I can gain initial foothold until privilege escalation. The pentest of livda reveals there is a password disclosure flaw while doing directory listing with account admin in the FTP server, this is possible because zFtpserver has an easily guessed credential - admin:admin. By login to livda as admin … Continue reading Pentest report on livda

linux – Grab the ipv4 address from interface

I have an active interface on eth0, by issuing ip a sh dev eth0 the information displays as below. 2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:97:69:0c brd ff:ff:ff:ff:ff:ff inet brd scope global dynamic noprefixroute eth0 valid_lft 4857sec preferred_lft 4857sec inet6 fe80::20c:29ff:fe97:690c/64 scope link noprefixroute valid_lft forever … Continue reading linux – Grab the ipv4 address from interface

service ports discover with nmap

Starting Nmap 7.91 ( ) at 2020-12-07 15:20 +08 Nmap scan report for Host is up (0.0087s latency). Not shown: 65511 closed ports PORT STATE SERVICE 53/tcp open domain 88/tcp open kerberos-sec 135/tcp open msrpc 139/tcp open netbios-ssn 389/tcp open ldap 445/tcp open microsoft-ds 464/tcp open kpasswd5 593/tcp open http-rpc-epmap 636/tcp open ldapssl … Continue reading service ports discover with nmap

hackthebox – Bank

nmap nmap -sS -sV -p- -oN bank.txt The result as follows: Nmap scan report for Host is up (0.0049s latency). Not shown: 65532 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0) 53/tcp open domain ISC BIND 9.9.5-3ubuntu0.14 (Ubuntu Linux) 80/tcp open http Apache httpd … Continue reading hackthebox – Bank