There is no excerpt because this is a protected post.
CTF365 lesson is based upon OWASP top 10 vulnerabilities which is still valid in 2020. The following are the lessons that are provided by CTF365. Let me tell you they are not only top 10, instead the list is of top 11 and please note they are not in any order. You can signup security […]
Start the hack with nmap We see the port 21 is open. Lets search for the version in searchploit The FTP is vulnerable and we could get the RCE but for some reason, it didn’t work. Moving on to samba. Lets use smbmap We have access to the tmp. Again, using smbclient to explore further. […]
Start the hack with nmap Check if we have anonymous access or not. Nice, we have anonymous. Further, check if we can write there or not. I already have tested and it came positive. HTTP shows the server has IIS installed. We can upload the aspx webshell from FTP and try to access it from […]
In ctf after you get a shell you may want to see if you can upgrade to a full tty shell. You can find many ippsec videos on youtube doing this. First see if there is python or not
$ which python
If it is available, type following command to get bash shell. There is another post […]