codeby.games room web: File sharing
Vulenrability Type: File Upload
Taskni ko'rganimda shell yuklash kerakligi aniq edi ammo shell yuklaganimda hech qanday natija bermadi. Keyin platformada shu taskni bajarish uchun source code sifatida task.zip fayli berilgan. Ekan ichidagi kodlarni ko'rib chiqdim
Va .htaccess-da x-httpd-php kabi fayl turiga ruxsat beruvchi qiziqarli code topildi va server PHP skriptlari kabi fayllarni qayta ishlaydi.
Avvaliga https://github.com/pentestmonkey/php-reverse-shell ushbu shellni yukladim ammo yana men kutilgan natijani olmadim. Shundan so'ng boshqa shell izladim va ajoyib shell topdim: https://github.com/flozz/p0wny-shell
Biz shellni shell.php emas balki shell.x-httpd-php qilib o'zgartirishimiz kerak.
#Preparation #For #CTF
Vulenrability Type: File Upload
Taskni ko'rganimda shell yuklash kerakligi aniq edi ammo shell yuklaganimda hech qanday natija bermadi. Keyin platformada shu taskni bajarish uchun source code sifatida task.zip fayli berilgan. Ekan ichidagi kodlarni ko'rib chiqdim
Va .htaccess-da x-httpd-php kabi fayl turiga ruxsat beruvchi qiziqarli code topildi va server PHP skriptlari kabi fayllarni qayta ishlaydi.
Avvaliga https://github.com/pentestmonkey/php-reverse-shell ushbu shellni yukladim ammo yana men kutilgan natijani olmadim. Shundan so'ng boshqa shell izladim va ajoyib shell topdim: https://github.com/flozz/p0wny-shell
Biz shellni shell.php emas balki shell.x-httpd-php qilib o'zgartirishimiz kerak.
#Preparation #For #CTF
👍3
Forwarded from 🇺🇿ONESEC Кибербезопасность
Друзья, приглашаем вас на бесплатные открытые уроки по кибербезопасности в IT-академии Ustudy уже в это воскресенье!
🗓Дата : 26 мая
⌛️Время: 15:00
🗺Адрес: город Ташкент, улица Муминова 7/2 (3 этаж)
📍Место проведение: IT- академия Ustudy (Внутри здания Министерства цифровых технологий)
⚡️ЗАПИСАТЬСЯ⚡️
__________
Do'stlar, biz sizni Ustudy IT Akademiyasida yakshanba kuni boladigan kiberxavfsizlik bo'yicha bepul ochiq darslarga taklif qilamiz!
🗓Sana: 26-may
⌛️Vaqt: 15:00
🗺Manzil: Toshkent shahri. Mo'minova ko'chasi 7/2 (3-qavat)
📍Makon: Ustudy IT Academy (Raqamli texnologiyalar vazirligi binosi ichida)
⚡️Ro'yxatdan o'tish⚡️
🗓Дата : 26 мая
⌛️Время: 15:00
🗺Адрес: город Ташкент, улица Муминова 7/2 (3 этаж)
📍Место проведение: IT- академия Ustudy (Внутри здания Министерства цифровых технологий)
⚡️ЗАПИСАТЬСЯ⚡️
__________
Do'stlar, biz sizni Ustudy IT Akademiyasida yakshanba kuni boladigan kiberxavfsizlik bo'yicha bepul ochiq darslarga taklif qilamiz!
🗓Sana: 26-may
⌛️Vaqt: 15:00
🗺Manzil: Toshkent shahri. Mo'minova ko'chasi 7/2 (3-qavat)
📍Makon: Ustudy IT Academy (Raqamli texnologiyalar vazirligi binosi ichida)
⚡️Ro'yxatdan o'tish⚡️
I uploaded all best payloads list some prsnl some public that will help you in Bug Hunting..
https://github.com/coffinxp/payloads
https://github.com/coffinxp/payloads
GitHub
GitHub - coffinxp/payloads
Contribute to coffinxp/payloads development by creating an account on GitHub.
🚨LazyEgg - Hunting JS Files🚨
💥Command: waybackurls target | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} bash -c 'echo -e "\ntarget : {}\n" && python lazyegg[.]py "{}" --js_urls --domains --ips'
🔗Download https://lnkd.in/gnRJ5mzw
#BugBounty
💥Command: waybackurls target | grep '\.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} bash -c 'echo -e "\ntarget : {}\n" && python lazyegg[.]py "{}" --js_urls --domains --ips'
🔗Download https://lnkd.in/gnRJ5mzw
#BugBounty
👍2
codeby.games room web: Pickled cucumber
The resource used to run the task: https://davidhamann.de/2020/04/05/exploiting-python-pickle/
#CTF #Writeup
The resource used to run the task: https://davidhamann.de/2020/04/05/exploiting-python-pickle/
#CTF #Writeup
🗿3
🚨Ready to level up your cybersecurity skills and earn rewards?
📢Join our 30-day bug bounty challenge and learn the art of bug bounty hunting!
😉Over 30 days, you'll receive daily tasks to help you master:
Information gathering and reconnaissance
Vulnerability identification and exploitation
Web application security testing
API security testing
Cloud security testing
Fuzz testing
Machine learning and AI in security
Business logic vulnerabilities
Deserialization vulnerabilities
Server-side request forgery (SSRF)
👌Plus, you'll get access to resources and references to help you along the way!
📝Complete the challenge and earn a Certificate of Completion to showcase your skills!
💖Join the community and start your journey to cybersecurity mastery today!
🔗Join Now: https://nas.io/brutsecurity/challenges/bug-bounty-blitz-30-days-of-learning
📢Join our 30-day bug bounty challenge and learn the art of bug bounty hunting!
😉Over 30 days, you'll receive daily tasks to help you master:
Information gathering and reconnaissance
Vulnerability identification and exploitation
Web application security testing
API security testing
Cloud security testing
Fuzz testing
Machine learning and AI in security
Business logic vulnerabilities
Deserialization vulnerabilities
Server-side request forgery (SSRF)
👌Plus, you'll get access to resources and references to help you along the way!
📝Complete the challenge and earn a Certificate of Completion to showcase your skills!
💖Join the community and start your journey to cybersecurity mastery today!
🔗Join Now: https://nas.io/brutsecurity/challenges/bug-bounty-blitz-30-days-of-learning
🔥2