December 2023 Archive

Summary: ESC1 utilization conditions: ESC1 needs to meet the following requirements to be used successfully: 1. Have permission to acquire a certificate 2. the value of pk Read more
posted @ 2023-12-29 11:45 lisenMiller Views (29) Comments (0) Recommended (0)
Summary: BRIEF: ADCS (Active Directory Certificate Services). There are a lot of enterprise CAs set up to issue certificates using certificate template definitions, whi Read more
posted @ 2023-12-29 10:41 lisenMiller Views (12) Comments (0) Recommended (0)
Summary: Information gathering: Pay attention to the last line, ssl-date: we have a 7-hour clock skew, which we should keep in mind if doing any Kerberos auth. SMB-TCP445 smbclient -N - Read more
posted @ 2023-12-27 14:17 lisenMiller Views (113) Comments (0) Recommended (0)
Summary: Port knock service: Knockd service. This service hides the system's open services by adding iptables rules dynamically. Using a customized series of serial Read more
posted @ 2023-12-19 11:49 lisenMiller Views (7) Comments (0) Recommended (0)
Summary: Brief introduction: This time, the target machine encounters some URL encoding, a PHP code audit found deserialization, script writing according to the conten Read more
posted @ 2023-12-14 22:45 lisenMiller Views (13) Comments (0) Recommended (0)
Summary: Flask exploit: /proc/self/cmdline shows which process is currently running to provide the web service. curl http://10.10.11.201:8000/?page=../../ Read more
posted @ 2023-12-12 09:25 lisenMiller Views (49) Comments (0) Recommended (0)
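Summary: Exploiting JSON serialization in .NET Core: With a particular configuration, NewtonSoft JSON will have a JSON deserialization vulnerability. More specifically, this is when the typenamehandling property in jsonserializationsettings is not N Read more
posted @ 2023-12-11 21:54 lisenMiller Views (21) Comments (0) Recommended (0)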
Summary: This article will talk about the technical points and not the whole process. This target machine has several technical points. One is when the Read more
posted @ 2023-12-09 16:07 lisenMiller Views (34) Comments (0) Recommended (0)
Summary: Form of expression: First, linpeas.sh found in the process of detection that there is remote debugging of Google Chrome. The phenotype and analy Read more
posted @ 2023-12-07 22:45 lisenMiller Views (49) Comments (0) Recommended (0)
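Summary: CORS overview: With cross-origin resource sharing, a web application adds HTTP fields to tell the browser which servers of different origins are authorized to access this site's resources; when a request from a different domain occurs, a cross-origin situation arises. How CORS vulnerabilities work: CORS requests fall into two categories, simple requests and non-simple requests. Simple request: the request method is one of GET, POST, HEAD; the HTTP headers do not Read more
posted @ 2023-12-07 21:56 lisenMiller Views (251) Comments (0) Recommended (0)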
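Summary: Attention: 1. You need to find a backtracking value that is not defined. 2. Make sure an assigning function such as merge or copy exists that can pollute upward. 3. Note that the backtracking case must be a parameter inside the copy or duplication function; how many __proto__ are needed is determined by this copying. Some chains have no copy-like assigning function. You can judge directly by the number of calls, for example opt. Read more
posted @ 2023-12-07 21:53 lisenMiller Views (154) Comments (0) Recommended (0)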
Summary: Briefly: this box is quite hard for beginners. The walkthrough is as follows: 1. An nmap scan of open port details discovers this box has ports 22 and 80 open bu Read more
posted @ 2023-12-06 15:18 lisenMiller Views (30) Comments (0) Recommended (0)
Summary: Brief introduction: 1. The first breakthrough is a weak admin password at the http://10.10.11.243/ website. If we could utilize admin/admin successfully acc Read more
posted @ 2023-12-01 16:21 lisenMiller Views (43) Comments (0) Recommended (0)
