Introduction: I used to use PDFSam to merge PDF files when submitting my claims, which consist of many receipts and a claim application form, all in PDF format. However, since I know Python, an easier and free way to merge PDFs is to use the PyPDF2 module. Credits go to the PyPDF2 … Continue reading python – Merge PDF files
Author: cyruslab
Deserialization of flask app and memcached
The Flask app caches the logon session in the memcached daemon; in Python, pickle is used to serialize and deserialize data. Serialization is the process of converting a Python object into a byte stream, either for transport over the network or for storing in a file. Deserialization is to convert … Continue reading Deserialization of flask app and memcached
Pentest report on Helpdesk
Executive Summary: Helpdesk is a Windows 2008 Standard server which hosts the ManageEngine ServiceDesk Plus (SDP) 7.6 web application. This SDP version suffers from multiple vulnerabilities, of which we used two exploits. SQL injection - we are able to read proof.txt from C:\Users\Administrator\Desktop\. Arbitrary file upload - we uploaded a malicious reverse shell Java WAR … Continue reading Pentest report on Helpdesk
Pentest report on Nickel
Executive Summary: We are able to obtain the first success criterion (local.txt) and the second success criterion (proof.txt) due to easily crackable passwords for the username ariah. During the penetration test we obtained two passwords related to the username ariah: one is for FTP/SSH login, the other is for FileZilla FTP server administration login. … Continue reading Pentest report on Nickel
Pentest report on livda
Executive summary: This section summarizes how I gained an initial foothold through to privilege escalation. The pentest of livda reveals a password disclosure flaw while doing a directory listing with the admin account on the FTP server; this is possible because zFtpserver has an easily guessed credential, admin:admin. By logging in to livda as admin … Continue reading Pentest report on livda
hackthebox – Shocker
Enumeration: I am using my own bash script to do a more efficient nmap scan. Here's the simple bash script:
#!/bin/bash
if [ $# -eq 0 ]; then
  echo "Usage: $0 <target_ip> <output_file>"
else
  ports=$(nmap -T4 --min-rate=1000 -p- $1 | grep -e ^[0-9] | cut -d "/" -f 1 | tr '\n' ',' | sed 's/,$//')
  nmap -sC -sV -p $ports -vvv
… Continue reading hackthebox – Shocker
Simple terminal in python
Suppose you are pentesting a web app, have found a file upload vulnerability, and have successfully uploaded a PHP file with this content: <?php echo shell_exec($_GET['cmd']); ?> Every time you need to execute a command to find out more about the system that hosts the web app, you may need to do something like … Continue reading Simple terminal in python
linux – Grab the ipv4 address from interface
I have an active interface on eth0; by issuing ip a sh dev eth0 the information displays as below.
2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:97:69:0c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.232/24 brd 192.168.1.255 scope global dynamic noprefixroute eth0
       valid_lft 4857sec preferred_lft 4857sec
    inet6 fe80::20c:29ff:fe97:690c/64 scope link noprefixroute
       valid_lft forever
… Continue reading linux – Grab the ipv4 address from interface
service ports discover with nmap
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-07 15:20 +08
Nmap scan report for 10.10.10.161
Host is up (0.0087s latency).
Not shown: 65511 closed ports
PORT    STATE SERVICE
53/tcp  open  domain
88/tcp  open  kerberos-sec
135/tcp open  msrpc
139/tcp open  netbios-ssn
389/tcp open  ldap
445/tcp open  microsoft-ds
464/tcp open  kpasswd5
593/tcp open  http-rpc-epmap
636/tcp open  ldapssl
… Continue reading service ports discover with nmap
hackthebox – Bank
nmap
nmap -sS -sV -p- -oN bank.txt 10.10.10.29
The result is as follows:
Nmap scan report for 10.10.10.29
Host is up (0.0049s latency).
Not shown: 65532 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0)
53/tcp open  domain  ISC BIND 9.9.5-3ubuntu0.14 (Ubuntu Linux)
80/tcp open  http    Apache httpd
… Continue reading hackthebox – Bank