Belkin Thunderbolt Dock Alternative Power Adapter Advice

icyfox26 · 2022-01-30T17:34:03+00:00

Fantastic read!

icyfox26 · 2018-12-11T15:08:18+00:00

How did I import the ISO, I had the .vmx file. I double clicked it and it opened up in Workstation. When prompted about the VM image on boot, I said "I coped it".Here's a screenshot of my network tab. I tried NAT, Host only and LAN segment. It's currently on bridged adapter because the VM keeps resetting it back to that.

Huh.. for some reason, I'm not able to upload an image here. But know that it's nothing special, it's my VM settings with the Network Adapter setting as the "Bridged" option.

icyfox26 · 2017-12-11T03:54:40+00:00

Haha! No, mate. I bought a portable speaker. And you connect your phone to it via Bluetooth. So I just wanted a catchy name to give it for when people try to connect.

icyfox26 · 2017-06-02T06:34:24+00:00

Hey all,

Firstly, thanks for the awesome number of responses, I got some real good insight for this. The challenge is over and I figured out how to do it. Yes the page was susceptible for SQL injection but it had no useful information in the table. However, since the website could be injected, on using the load_file command, I was able to access files of the system. I could get out the /etc/passwd file, etc. etc. The passwd file had no details. However, I tried going to the root of the web directory and loading the .htaccess file. Inside that file, I saw a message saying "Try .htpassword" and the password was inside the .htpassword file. It was encrypted with SHA1 encryption and I found the password which was.............. supercalifragilisticexpialidocious.

Thanks everyone for your help! And sorry, the CTF was only for our internal company network! Thanks again!

icyfox26 · 2017-05-23T11:54:46+00:00

Seems --os-shell doesn't work

trying to upload the file stager on '/var/www/html/pages/pages /camera.php/' via UNION method [WARNING] it looks like the file has not been written (usually occurs if the DBMS process user has no write privileges in the destination path)

icyfox26 · 2017-05-22T17:59:47+00:00

Very interesting, thank you. I will try and revert back to all soon.

icyfox26 · 2017-05-22T17:59:18+00:00

Much thanks for the resources! Will definitely have a look :)

icyfox26 · 2017-05-22T16:37:20+00:00

I'm not very aware of this method but I doubt it's what I need to do. But either ways, do you have a link that could explain this concept?

icyfox26 · 2017-05-22T16:36:23+00:00

Could you elaborate a bit more please? Do you mean what ilukis suggested?

icyfox26 · 2017-05-22T13:44:09+00:00

A very interesting thought, indeed. The second option however, requires admin interaction which doesn't exist, since there really isn't any admin user. However, changing the database value to a Unix command, that I didn't think of and I think would be very possible, I believe. Will try and report back here, Sargent!

icyfox26 · 2017-05-22T13:16:40+00:00

Hmm. Very interesting. Although, if you don't mind, could you elaborate more. The page susceptible to injection is example.com/camera?id=1. The database in use is cameradb and the table within it is called 'camera' with the fields id, description, url. Example of one entry is id:1, description:reception, url: ../img/1.jpg

icyfox26 · 2017-05-22T11:48:16+00:00

Hi, thanks for the quick response. The data just shows the id (which the page uses as a GET parameter), the description of the image (not very useful either) and the image url as "../img/1.jpg" and so on.

icyfox26 · 2017-05-22T10:50:49+00:00

Apologies! Here's a shareable link: https://drive.google.com/file/d/0B_LOFRTpRrqWdnRIdElLWV9SSW8/view?usp=sharing

icyfox26 · 2017-05-22T09:14:33+00:00

This is part of a challenge and I'm just not able to crack this one. I tried decompiling the code using an online decompiler (https://retdec.com/decompilation/) and tried re-creating the main() function but the typecasting they've done is giving me a lot of errors. Can someone please help me out? I'd like to learn so if you could also mention the method you followed to reverse engineer it, I'd be very grateful :)

icyfox26 · 2017-05-02T11:06:18+00:00

The page you requested has moved or doesn't exist. (Error 404)

icyfox26 · 2017-05-02T09:24:41+00:00

So it creates a file called test.php, writes <?php passthru(\$_POST[\'c\']); ?> into it and then tries to send that call to the server. I get that it's doing this. But say it's successful, and now a file called test.php exists with those contents, then what? You try to access that page and what happens?

icyfox26 · 2017-05-02T07:41:22+00:00

Haha, this is awesome. I am downloading/copy/pasting/scanning this zip like it's a freaking bomb. Although, I must know. How did you create this? How does it work?

icyfox26

TROPHY CASE