Nmap: Ep.8 – Scan Output
I need to read a token from the file located at "/home/kali/Desktop/token". I suspect that the telnet service running on port 22 is vulnerable, but telnet is not available on Kali Machine. I have tested all other services, and they appear to be secure. I am uncertain about the next steps to take.
26 Views, 1 like, 3 Comments

Reverse Engineering (Offensive) JavaScript Analysis: JSDetox
I'm stuck on the two questions below:
Q6: Which variable does the initial script try to return?
Q8: The exploit kit contains a large block of hex encoded shellcode stored in a variable. This shellcode is also XOR encoded. What is the single byte xor key? (In the format 0xNN e.g. 0x11.)
So far I downloaded the HTTP objects via Wireshark, extracted the script to JSDetox, then decoded base64 strings, which resolve to 2 other scripts. With these steps I was able to answer other questions but I can't go any further. Any guidance? Thanks in advance.
Solved, 173 Views, 1 like, 9 Comments

Server-Side Request Forgery
I need help with steps 5 and 6 of the Server-Side Request Forgery lab. I was able to find the location of potential SSRF, i.e. "lookup?url=http://localhost:3000/online". After that I have tried directory traversal and other methods in place of HTTP (FTP). Nothing seems to be working to get the bot name/service account.
90 Views, 1 like, 4 Comments

OWASP 2017 Java: Underprotected APIs
I am stuck on the "OWASP 2017 Java: Underprotected APIs" challenge. I have tried accessing "<Target URL>/FileDownloadServlet?path=/etc/&file=flag.txt", for which I received the error message "HACKING DETECTED! Your activity has been logged, and authorities have been informed." I created a user with admin privileges and used its session to access the above-mentioned URL, but that also didn't work.
Solved, 74 Views, 2 likes, 1 Comment