THE STRUTS TRILOGY
=================================================
A Synopsis and Cheat Sheet for Pentest Monkey by d3ck4
All posts by hfb editor
Hackthebox Olympus Walkthrough
Initial Foothold – Crete Island
Nmap result:
    root@kali:~/Desktop/htb# nmap -sS -sC 10.10.10.83
    Starting Nmap 7.70 ( https://nmap.org ) at 2018-10-08 01:25 EDT
    Nmap scan report for 10.10.10.83
    Host is up (0.50s latency).
    Not shown: 996 closed ports
    PORT     STATE    SERVICE
    22/tcp   filtered ssh
    53/tcp   open     domain
    | dns-nsid:
    |_  bind.version: Bind
    80/tcp   open     http
    |_http-title: Crete island - Olympus HTB
    2222/tcp open     EtherNetIP-1

    Nmap done: 1 IP address (1 host up) scanned in 44.13 seconds
Port 80 enumeration
– Dirbuster: no interesting page/directory.
– Nikto: found an uncommon header, xdebug 2.5.5.
– Xdebug is a PHP extension that assists with debugging and development.
– Xdebug < 2.5.5 suffers from unauthenticated OS command execution.
– Exploit: https://github.com/vulhub/vulhub/blob/master/php/xdebug-rce/exp.py
Java Secure Code Review: Comprehensive Guide
If you’re looking for a Java secure code review benchmark, the following link will make your life easier.
https[:]//help.semmle.com/wiki/display/JAVAsec/CWE
Hackthebox Aragog Walkthrough
Nmap Result
    [snip]
    PORT   STATE SERVICE VERSION
    21/tcp open  ftp     vsftpd 3.0.3
    | ftp-anon: Anonymous FTP login allowed (FTP code 230)
    [snip]
    22/tcp open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)
    [snip]
    80/tcp open  http    Apache httpd 2.4.18 ((Ubuntu))
    [snip]
FTP allows anonymous login; further enumeration reveals a “test.txt” file.
How to redirect WordPress 404 page through function()
The following code will return an “ugly” page like this:
    //case where someone attempting to reach wp-admin
    if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX') && basename( $_SERVER["SCRIPT_FILENAME"] ) !== 'admin-post.php'){
        //Fix to prevent fatal error caused by some themes and Yoast SEO
        do_action('aiowps_before_wp_die_renamed_login');
        wp_die( __( 'Not available.', 'all-in-one-wp-security-and-firewall' ), 403 );
    }
Since we have our own 404 page, why not use it? Add the following code to redirect the request to our theme's 404 page.
    //case where someone attempting to reach wp-admin
    if (is_admin() && !is_user_logged_in() && !defined('DOING_AJAX') && basename( $_SERVER["SCRIPT_FILENAME"] ) !== 'admin-post.php'){
        //Fix to prevent fatal error caused by some themes and Yoast SEO
        do_action('aiowps_before_wp_die_renamed_login');
        //wp_die( __( 'Not Available.', 'all-in-one-wp-security-and-firewall' ), 404 );
        global $wp_query;
        $wp_query->set_404();        // mark the main query as a 404
        status_header( 404 );        // send the 404 HTTP status
        get_template_part( '404' );  // render the theme's 404.php
        exit();
    }
Now, for security reasons, whoever requests the restricted page will get our beautiful 404 page.
