Forum Widgets
Recent Discussions
CVE-2022-26134 (Confluence) – OGNL Injection
For Question 6. Look at the first exploit attempt by this attacker. What command did they run? I am wondering about why when sharing the commands found in the logs, it still outputs wrong. even if typing in "X-Cmd-Response" as the command as well as the entire string found. Wondering if they are exepecting a different format/snippet of the code, or the GET requests instead?Terrapoint (Hats off, Immersive Labs)
Small clues about the labs I consider most important, after solving all of them: Norway and Rwanda; but this is just the beginning of your journey :). Because for the others in the collection, I want to think that you are capable of looking up a phone number: right? ;). The most evil labs, Norwegians and Rwandans ones (in my opinion): In both cases, you must make the most of every pixel in the image provided: such as signs, symbols, and landmarks; once you have done so, try to find out where you really are!. And that's how I won them over: study where that road begins and ends... and simply let yourself be carried away by it, kilometer by kilometer. Tip: don't trust primary sources, they are wrong!: for example, on the main roads of that African country.
CVE-2021-25281 (SaltStack) – Offensive
I've tried every way I can think of to use the python script for this lab. Here's and example using the state option: I've also tried creating a python script to try to write to the /var/cache/salt/master/extmods/ directory, and tried creating the ssh key and uploading the public key with the ssh option. I've thrown some print commands in to see what is being passed in the requests. All end up with the Traceback similar to above. Is there something I'm missing in the syntax?
Radare2 Reverse Engineering: Ep.2 – Windows Binary Part 2; Final Question
I have managed to find the answer to Questions 1-4 of this lab, however I can't seem to identify the answer to the final question (Question 5 - What is the token?). I have run the binary and I get the “You have not met the requirements” message. I understand that there is an some type of execution error within the binary that I must correct for it to work properly however I have not been able to locate the error in order to analyze it and attempt to correct it. Any insight or guidance on what I'm missing / doing incorrectly would be greatly appreciated. Thanks in advance. I am not getting a prompt to provide the password. I am not seeing the prompt to use the calculator to find the answer to the calculation that is presented. I can see that there is a reference to a token.txt file but I can’t seem to get access to the file to determine what the token value is.
Introduction to Metasploit: Ep.3 – Discovery
#5 Select the arp_sweep module and run it against the victim IP address with THREADS set to 1. Is the host active or inactive? I can only see my AttackerIP. The host is up but how to see? RHOSTS 10.102.20.1/24 yes msf6 auxiliary(scanner/discovery/arp_sweep) > run SIOCSIFFLAGS: Operation not permitted [+] 10.102.136.8 appears to be up (UNKNOWN). [*] Scanned 256 of 256 hosts (100% complete) [*] Auxiliary module execution completedCVE-2018-16858 (LibreOffice Remote Code Execution)
Hi there! I'm a little stumped on what 9 is prompting me to do? So it's asking me to open and modify 'bankdetails.odt' and to launch the file as 'cmd.exe' instead of .docx file, but when I right click on the 'bankdetails.odt' I don't really know what to select from the list to open as an extension as a .exe? Hope i've made sense?
