HackTheBox writeup of "Help"

My first writeup for a hackthebox.eu machine called Help, 10.10.10.120

$ nmap -Pn --script vuln 10.10.10.121
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-11 13:22 CEST
Pre-scan script results:
| broadcast-avahi-dos:
|   Discovered hosts:
|     224.0.0.251
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|_  Hosts are all up (not…


Spam wave threatening Website Owners

It seems there is a massive spam campaign going on, originating from this IP: https://www.shodan.io/host/137.59.253.16 and, according to this guy, also 103.103.0.118 and 141.98.103.30. Spam comments get placed on WordPress websites, featuring a pretty threatening text, at least for people who have a monetary interest in their websites. Hey. Soon your…


Seehofer -.-

Attack on WhatsApp & Co.: Seehofer wants to force messengers to decrypt, heise online – https://heise.de/-4431634 Everyone, please vote the CSU out, urgently. But that is nothing new; human rights have been on the decline since 2001. When will we finally get a social scoring system like in China? Do we have to…


FileZilla stores passwords in (almost) plain text

When importing my sitemanager.xml from my Windows FileZilla to my Linux box, I discovered that the passwords in it are stored in base64 encoding, completely unencrypted. This sucks, because I use a master password to, what I thought, encrypt my passwords with it. So what is the master password…


VulnHub HackInOS writeup

https://www.vulnhub.com/entry/hackinos-1,295/ Running Sparta gave me ports 22 and 8000. On 8000 I found a defunct WordPress, which pointed to localhost; that could be fixed by locally assigning localhost to the VM's network IP. I also found that Handsome_Container was a valid WordPress username. I started bruteforcing it with Burp Suite.…
