CVE-2021-22205 (GitLab) – Defensive
Hello, I'm going through some old labs I haven't managed to complete. This one's a bit of a beast. I can get a reverse shell, I can see I am git. however I cannot for the life of me Identify the NGINX log files. this doesn't return anything from the shell or when I am shh'd into the gitlab server find / -type f -name "gitlab_access.log" 2>/dev/null and this isn't returning anything from either the shell or ssh session iml-user@defsec:~/Desktop$ sigmac -t grep sigma.yml grep -P -i '^(?:.*(?=.*POST)(?=.*499))' any clues gratefully received ;)
Introduction to Metasploit: Ep.9 – Demonstrate Your Skills
Please help me out here. I managed to brute for to Apache Tomcat Manager using: auxiliary/scanner/http/tomcat_mgr_login QCC:Qlogic66 When i try to log in to site it is not working http://10.10.10.10:9090/manager/html I need to spawn a user level shell on the victim machine using this creds, not sure why they are not working. I need to use any of these exploits and they require a username and password : 1. exploit/multi/http/tomcat_mgr_deploy 2009-11-09 2. exploit/multi/http/tomcat_mgr_upload 2009-11-09
Hacking tools
Just (re)entering the space of hacking hardware (I had a flipper, but it went boom after a fallout with a bottle of Coke and the rubbish attached lids we have in the UK. I am getting the stuff to build a Bjorn networking tool as a first project. In a "Oh-I-wonder-if-I-could build-one-educational" activity... Has anyone built one before? What use did you get out of it? What other tools have people built?
