跳轉到

Posts

  • 需要 1 分鐘閱讀時間

Bootstrap 3 實現動態載入效果圖

CSS

.glyphicon-refresh-animate {
        -animation: spin .7s infinite linear;
        -webkit-animation: spin2 .7s infinite linear;
    }

    @-webkit-keyframes spin2 {
        from { -webkit-transform: rotate(0deg);}
        to { -webkit-transform: rotate(360deg);}
    }

    @keyframes spin {
        from { transform: scale(1) rotate(0deg);}
        to { transform: scale(1) rotate(360deg);}
    }

HTML

<div class="container">
     <h3>Animated button</h3>
    <button class="btn btn-lg btn-warning"><span class="glyphicon glyphicon-refresh glyphicon-refresh-animate"></span> Loading...</button>
</div>

效果圖

  • 需要 17 分鐘閱讀時間

THM - GLITCH 靶機滲透

Challenge showcasing a web app and simple privilege escalation. Can you find the glitch?

靶場地址

點我前往

題目背景

Warning! The box contains blinking images and sensitive words.

This is a simple challenge in which you need to exploit a vulnerable web application and root the machine. It is beginner oriented, some basic JavaScript knowledge would be helpful, but not mandatory. Feedback is always appreciated.

*Note: It might take a few minutes for the web server to actually start.

靶機類型

免費靶機

過關條件

  • What is your access token?
  • What is the content of user.txt?
  • What is the content of root.txt?

滲透過程

  • 需要 4 分鐘閱讀時間

THM - Chocolate Factory 靶機滲透

A Charlie And The Chocolate Factory themed room, revisit Willy Wonka's chocolate factory!

靶場地址

點我前往

題目背景

Welcome to Willy Wonka's Chocolate Factory! This room was designed so that hackers can revisit the Willy Wonka's Chocolate Factory and meet Oompa Loompa

This is a beginner friendly room!

靶機類型

免費靶機

過關條件

  • Enter the key you found!
  • What is Charlie's password?
  • change user to charlie [No answer needed]
  • Enter the user flag
  • Enter the root flag

滲透過程

  • 需要 5 分鐘閱讀時間

HTB - GoodGames 靶機滲透

靶場地址

點我前往

過關條件

  • user flag
  • root flag

速記

  • 資訊蒐集階段
    • 就只開一個80 Port
    • 網站是由 Python 3.9.2 開發,沒發現特殊漏洞
    • 登入頁能用admin' or 1 = 1 -- -進行SQL Injection
    • 登入後跳轉到的/profile有一個internal-administration.goodgames.htb連結
    • 把網域加進Hosts文件後又來到一個登入頁,但是原本的SQL Injection用法在這邊無效
    • internal-administration.goodgames.htb 是Flask開發後台
    • 使用SQLMap進行資料庫注入攻擊,在main資料庫中的user表,找到admin的密碼雜湊
    • 取得密碼後,即可在internal-administration.goodgames.htb這個網域中登入
    • 登入後的設定頁(/setting)的姓名欄位可做SSTI注入攻擊
  • 進入主機
    • Shell 在 Docker Container 內
    • user flag 取得無壓力
    • root flag 超麻煩...
      • 從Docker內部Ping宿主機開放的Port,2280開放
      • SSH 密碼是個問題,可以用登入後台的密碼登入....
      • 有發現宿主機的家目錄有掛載至docker內
      • 這個技巧可以解決一些麻煩

滲透過程

閱讀限制

滲透過程有受到作者設定的閱讀限制...