Open in app
Yikai

Sign in

Open in app

Jan 25

Command Injection in web app with cat command disabled.

Nmap Scan

root@kali:~# nmap -sC -sV -O -T4 10.10.202.157Starting Nmap 7.80 ( https://nmap.org ) at 2021-01-04 01:07 ESTNmap scan report for 10.10.202.157Host is up (0.36s latency).Not shown: 998 closed portsPORT   STATE SERVICE VERSION22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.6 (Ubuntu Linux; protocol 2.0)| ssh-hostkey:|…

Nov 28, 2020

Nmap, gobuster, base64 decoder,sort,uniq,burpsuite, turbointruder, php reverseshell, netcat,crackstation,find,gtfobin

Nmap

kali@kali:~$ sudo nmap -sC -sV -O 10.10.151.156
[sudo] password for kali: 
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-26 22:48 EST
Nmap scan report for 10.10.151.156
Host is up (0.35s latency).
Not shown: 997 filtered ports
PORT    STATE  SERVICE  VERSION
22/tcp  closed ssh
80/tcp  open   http…

Nov 26, 2020

This will be a write up on a PwnTillDawn Online Battlefield box — Stuntman Mike. Please check out the following links to find out more on PwnTIllDawn Online Battlefield.

Nmap Scan

kali@kali:~$ sudo nmap -sC -sV -O 10.150.150.166Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-22 01:31 ESTNmap scan report for…

Nov 24, 2020

Nmap

kali@kali:~$ sudo nmap -T4 -A 10.10.88.51
[sudo] password for kali: 
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-24 05:26 EST
Nmap scan report for 10.10.88.51
Host is up (0.35s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol…

Nov 23, 2020

Nmap

kali@kali:~$ sudo nmap -sC -sV -O 10.10.133.102
[sudo] password for kali: 
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-22 02:41 EST
Nmap scan report for 10.10.133.102
Host is up (0.35s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE       VERSION
135/tcp  open  msrpc…

Nov 22, 2020

Nmap, gobuster, php reverseshell, netcat, burpsuite, find,gtfobins

Nmap

kali@kali:~$ sudo nmap -T4 -A 10.10.216.110
[sudo] password for kali: 
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-22 05:00 EST
Nmap scan report for 10.10.216.110
Host is up (0.41s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol…

Nov 22, 2020

This lab contains an SQL injection vulnerability in the login function.

To solve the lab, perform an SQL injection attack that logs in to the application as the administrator user.

Head over to the login page.

When we input a username and password, the query string will look like:

SELECT…

Nov 21, 2020

This lab contains an SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out an SQL query like the following:

SELECT * FROM products WHERE category = ‘Gifts’ AND released = 1

To solve the lab, perform an SQL injection attack that…

Nov 21, 2020

Nmap Scan

ali@kali:~$ nmap -T4 -sC -sV 10.10.132.197
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-17 08:25 EST
Stats: 0:02:31 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 98.61% done; ETC: 08:28 (0:00:01 remaining)
Nmap scan report for 10.10.132.197
Host is up (0.37s latency).
Not shown: 991 closed ports
PORT…

Nov 18, 2020

Nmap scan

kali@kali:~$ nmap -T4 -sC -sV 10.10.218.181
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-18 02:00 EST
Nmap scan report for 10.10.218.181
Host is up (0.35s latency).
Not shown: 988 closed ports
PORT      STATE SERVICE      VERSION
135/tcp   open  msrpc…

Yikai

Started my journey in cybersecurity on September 2020. This blog is used mainly to record my learning journey.

About

Write

Help

Legal

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store