Hacking – category –
For beginners: Practice with Spring Boot and MyBatis! SQL Injection Risks and Prevention
Security measures are unavoidable when developing web applications. Among the threats they address, "SQL injection" is known as a serious threat to databases. In this article, we will explain in an easy-to-understand manner how SQL injection works, and we will explain what it actually is...
[SECCON Beginners CTF 2024] WEB Writeup
It wasn't a very good result, but I participated in the SECCON Beginners CTF 2024, so I'll leave a writeup as a memo. ssrforlfi source check The folder structure after unzipping tar.gz is as follows. $ find ./ ./ ./docker-compose.yml ./.env ./app...
I tried building an Ubuntu desktop environment using the Xserver VPS Ubuntu Desktop (GNOME)! Wine settings are also automatic, making it easy to use as a remote desktop environment!
I wanted an Ubuntu environment, so I somehow borrowed a VPS and prepared one. I'll post a memo. Xserver has Ubuntu Desktop (GNOME) as a template, so it automatically sets up Wine and other devices, making it easy to connect with remote desktop...
[HackTheBox] What to do if "An error of type HTTPClient::ReceiveTimeoutError happened, message is execution expired" appears in Evil-WinRM
I'm using HackTheBox and I was struggling with an Evil-WinRM error, so I'll share it as a memo. Please note that the explanation contains spoilers. If an error occurs with Evil-WinRM When trying to use Evil-WinRM, you will be asked to "An error of ty...
I tried deciphering the encrypted passwords (Type 5, Type 7) set on my Cisco device! HackTheBox Heist Writeup
This time, we will try cracking the encrypted passwords set on the Cisco device and breaking into the server. "HackTheBox-Heist: https://www.hackthebox.com/machines/heist" Please note that the explanation is a spoiler. Preparation First, start the target machine...
[CVE-2015-3306] I enumerated Samba shares, manipulated a vulnerable version of proftpd, and escalated privileges by manipulating path variables! TryHackMe Kenobi Writeup
This time, we will enumerate Samba shares, manipulate a vulnerable version of proftpd, and escalate privileges by manipulating path variables. "TryHackMe-Kenobi: https://tryhackme.com/room/kenobi" Please note that the explanation is a spoiler. Preparation First, start with "Start Machine...
[Permanent CTF for beginners] setodaNote CTF WEB Writeup! Recommended for getting a sense of CTF!
This time, I'll try out the setodaNote CTF web. "setodaNote CTF: https://ctfexh.setodanote.net/About" The setodaNote CTF is a permanent CTF that was held in 2021, and in terms of difficulty, it is equivalent to an introductory level. Now, CTF...
Build a Kali Linux environment with WSL2! We also introduce how to operate the GUI using Win-KeX!
Until now, I was using Kali Linux with VirtualBox, but I thought I could do it with WSL2, and it seemed to be pretty good, so I'll show you how to build it. (It's pretty easy.) Also, I'll use Win-KeX to use the GUI. Win-KeX has the following features...
[TryHackMe] We conducted packet analysis using Wireshark to investigate the intrusion of ssh-backdoor! Overpass2 Writeup
This time, we will use Wireshark to analyze packets and investigate ssh-backdoor intrusions. Please note that the explanation is a spoiler for "TryHackMe-Overpass2-Hacked: https://tryhackme.com/room/overpass2hacked". Preparation First, "Download Task...
[CVE-2018-16763] fuel CMS 1.4.1 - I converted Remote Code Execution (1) to Python 3 and hacked it! TryHackMe Ignite Writeup
This time, we will try to hack fuel CMS using the CVE-2018-16763 vulnerability. The target machine uses TryHackMe's Ignite. "TryHackMe-Ignite: https://tryhackme.com/room/ignite" Please note that the explanation is a spoiler. advance...