Posted: 2022-06-12 17:09:06 RSS feed roundup for 2022-06-12 17:00 (11 items)
Category | Site name | Article title / trending word | Link URL | Frequent words, summary / search volume | Registered |
---|---|---|---|---|---|
python | New posts tagged Python - Qiita | [WebAR for Finding Shops] WebSocket with Django | https://qiita.com/KarT1994/items/c0324f4a89a8854aa1c1 | django | 2022-06-12 16:57:18 |
python | New posts tagged Python - Qiita | How to Draw Poop with PyQtGraph | https://qiita.com/kazunoriri/items/0c79503ba00af72e9ba2 | rompyqtqtwidgetsimportqap | 2022-06-12 16:56:19 |
python | New posts tagged Python - Qiita | Solving LCS (Longest Common Subsequence) in Python | https://qiita.com/tetsuro731/items/bc9fb99683337ae7dc2e | longest common subsequence | 2022-06-12 16:00:46 |
js | New posts tagged JavaScript - Qiita | [WebAR for Finding Shops] WebSocket with Django | https://qiita.com/KarT1994/items/c0324f4a89a8854aa1c1 | django | 2022-06-12 16:57:18 |
AWS | New posts tagged AWS - Qiita | A Tour of AWS Summit with a Third-Year New Graduate Hire | https://qiita.com/suzuki_kento/items/1f27e9f494d85e253083 | awssummit | 2022-06-12 16:10:59 |
Git | New posts tagged Git - Qiita | Adding Files and Checking the Staging State | https://qiita.com/masatom86650860/items/2a5137606e9bce8457b4 | gitadd | 2022-06-12 16:58:09 |
Overseas TECH | DEV Community | 15 Beautiful Color Gradients using CSS | https://dev.to/devash98/15-beautiful-colour-gradients-using-css-4em1 | Beautiful Color Gradients using CSS I am here with another list In this post I have enlisted aesthetic color gradients using CSS examples of colour gradients in CSS which you can implement in your next projects I have used linear gradient method of CSS and only the gradient direction to bottom left There are many others gradient directions like to right to top etc to read about the linear gradient method you can refer to this freecodecamp article Let's jump into the list background image linear gradient to bottom right FFF DD background image linear gradient to bottom right FFD FE background image linear gradient to bottom right FFB D background image linear gradient to bottom right FD FFBDF background image linear gradient to bottom right DFCB background image linear gradient to bottom right CFF B background image linear gradient to bottom right FCEE background image linear gradient to bottom right FDFCFB EDC background image linear gradient to bottom right EC FBF background image linear gradient to bottom right FDABDD AA background image linear gradient to bottom right AD background image linear gradient to bottom right C DA background image linear gradient to bottom right B FCA background image linear gradient to bottom right FFDB ED background image linear gradient to bottom right FFED EF Congratulations You have successfully read this long list I have also tweeted this one you can bookmark it there for your future reference I have gathered this colourful ideas from Pinterest I Hope you have found it useful Share the article comment which one you are going to use and comment your feedbacks as well Also I write about web development on twitter follow me there for understanding web development technologies easily Thank you See you soon | 2022-06-12 07:42:34 |
Overseas TECH | DEV Community | Let's Hack The World in The MR. Robot CTF! 👾 | https://dev.to/christinecdev/lets-hack-the-world-in-the-mr-robot-ctf-4bj5 | Let's Hack The World in The MR Robot CTF Today we are going to take a crack at the Mr Robot CTF on Try Hack Me I must say before we start that I love the design of this lab The website is so cool and so well thought out it was just perfect I really encourage you to look at all the videos it's pretty hackery When you're ready put on your FSOCIETY hoodie and let's hack the world What is key Once your machine is loaded we can start with our basic enumeration First things first when we open up the IP address of the machine in our browser we are met with a command line like website Each command that you type in will load a video so it's not really that important but you can check it out if you want Let's run an nmap scan to see if we can find any services nmap sV Pn lt your machine IP gt Mhh we can see that our ssh port is closed There is a ssl http port that is of interest though Let's run a gobuster scan to see which directories we can enumerate gobuster dir w usr share wordlists dirbuster directory list small txt u lt your machine IP gt t We can see that there is a robots directory When we look at our hint it says Robots Let's navigate to our robots We can see that our robots txt mentions a key of txt file It also has a fsocity dic file which contains a list of passwords Save this file because we will need it later Let's navigate to it lt ip gt key of txt We've found our first key What is key When we look back at our gobuster scan we can see that there is a login and wp login directory that indicates that the site is made with Wordpress Let's navigate to our wp login We won't get pretty far without a username and password duh If we run a wpscan scan on our web application to see if we can find a user we can see that we get nothing useful except the Wordpress version which we could maybe exploit wpscan url http lt your machine IP gt wp login enumerate u We have one of two options now manually trying different usernames or making use of Burp Suite's intruder to find a username When I first did this CTF I tried my luck by going with the most obvious usernames MrRobot and Elliot Elliot won Now that we have a username we can go back to wpscan or in my case I chose hydra and enumerate through our fsocity dic file that we downloaded above to find a valid password for Elliot export ip lt your machine IP gt hydra l Elliot P Downloads fsocity dic ip V http form post wp login php log USER PASS amp wp submit Log In amp testcookie S Location This took my scanner minutes so to save you the effort I will reveal the password for you gt gt Elliot ER Let's log in using these credentials From here on our next moves are pretty standard Let's see if we can run a reverse shell using php by pasting our shell in the php file in the theme editor Remember to save this new file You can download the reverse shell from pentestmonkey and remember to update the IP address with the address of your OPENVPN not your machine IP and insert the port of your choice I left it at Start up a netcat listener nc nlvp lt your port inserted in reverse shell gt Now head over to lt your machine IP gt php and check your netcat listener We have successfully gained access via our reverse shell When we list the files of home robot we find our key of txt file There is also a password raw md file which we'll get to later We have our second key What is key Let's read the contents of our password raw md file It seems to be a hashed password for the user robot Let's see if we can crack this password hash Head over to Crackstation and enter this hash Let's see what user we are currently by running whoami We are running as daemon but we can log into the user robot's account since we have the password the one we just cracked whoami su robot Now that we are logged in as robot let's then see what binaries we can access to see if we can escalate our privilege via exploiting our binary library find perm u s type f gt dev null The binary nmap looks promising Head over to GTFObins and read up on how we can escalate our privilege using this library We need to run an interactive shell which will give us root access nmap interactive From here on we can cd into root and read the contents of our final flag file key of txt And so we got our flag Conclusion There's a bunch of steps I took in between that didn't pan out into anything There weren't any vulnerabilities for the Wordpress version in case you were wondering Ultimately it was quite an easy CTF I hope this was easy enough for you to follow and until next time happy hacking See more on my GitHub | 2022-06-12 07:35:07 |
News | BBC News - Home | Rail strike: Agency staff could cover future disruption | https://www.bbc.co.uk/news/uk-61773437?at_medium=RSS&at_campaign=KARANGA | workers | 2022-06-12 07:33:25 |
Hokkaido | Hokkaido Shimbun | 812 infections and 1 death in Hokkaido; down week-on-week for the 29th consecutive day: COVID-19 | https://www.hokkaido-np.co.jp/article/692583/ | within Hokkaido | 2022-06-12 16:18:24 |
Hokkaido | Hokkaido Shimbun | SoftBank 0-3 Yakult (12th): Takahashi earns 5th win with first shutout of the season | https://www.hokkaido-np.co.jp/article/692588/ | both leagues | 2022-06-12 16:20:00 |