Follow the steps in this section and leverage the LFI vulnerability in the web application (located at http://mountaindesserts.com/meteor/) to receive a reverse shell on WEB18 (VM #1). Get the flag from the /home/ariella/flag.txt file. To display the contents of the file, check your sudo privileges with sudo -l and use them to read the flag.--> OS{33a3e4aa90a99657854e9683233a488c}Exploit the LFI..
Start Walkthrough VM 1 and replicate the steps learned in this Learning Unit to identify the basic XSS vulnerability present in the Visitors plugin. Based on the source code portion we have explored, which other HTTP header might be vulnerable to a similar XSS flaw?-->Start Walkthrough VM 2 and replicate the privilege escalation steps we explored in this Learning Unit to create a secondary admin..
Start Walkthrough VM 1 and replicate the steps learned in this Learning Unit to identify the basic XSS vulnerability present in the Visitors plugin. Based on the source code portion we have explored, which other HTTP header might be vulnerable to a similar XSS flaw?--> http 헤더 전체를 전체적으로 써봐도 안되네 나중에 다시 찾아봐야겠다..Start Walkthrough VM 2 and replicate the privilege escalation steps we explored in this..
Start up the Walkthrough VM 1 and modify the Kali /etc/hosts file to reflect the provided dynamically-allocated IP address that has been assigned to the offsecwp instance. Use Firefox to get familiar with the Developer Debugging Tools by navigating to the offsecwp site and replicate the steps shown in this Learning Unit. Explore the entire WordPress website and inspect its HTML source code in or..
관련글 2022.01.20 - [Web-hack/CTF 문제풀이] - vulnhub_kioptrix_level1 2022.01.21 - [Web-hack/CTF 문제풀이] - vulnhub_kioptrix_level2 2022.02.21 - [Web-hack/CTF 문제풀이] - vulnhub_kioptrix_level3 2022.02.19 - [Web-hack/CTF 문제풀이] - how to install kioptrix 4 2022.02.24 - [Web-hack/CTF 문제풀이] - vulnhub_kioptrix_level4 사용했던 Tool netdiscover nmap dirb nikto msfconsole crackstation.net (외부 site) 기존과 마찬가지로 netdiscov..
