![[Meachines] [Easy] Curling +zip文件嵌套+TRP00F权限提升+CURL滥用文件读取+sysinfo-SSH后门权限提升缩略图](https://www.4awl.net/wp-content/cache/thumbnails/2025/01/5386ac0f64a28130f37119314235c0-400x280-c.jpg "[Meachines] [Easy] Curling +zip文件嵌套+TRP00F权限提升+CURL滥用文件读取+sysinfo-SSH后门权限提升缩略图")
Information GatheringIP AddressOpening Ports10.10.10.150TCP:22,80$ sudo masscan -p1-65535,…
从国赛到西湖论剑:fenjing进阶通杀jinjia2_SSTI前言最近俩月比赛遇到了三个jinjia2_SSTI题目,发现其虽然有过滤,但是fenjing都可以对其过滤进行降维打…
![[Meachines] [Easy] SteamCloud Kubernetes-RCE+Kubernetes节点权限提升缩略图](https://www.4awl.net/wp-content/cache/thumbnails/2025/01/88b395b4fcff902678a4b337c00669-400x280-c.jpg "[Meachines] [Easy] SteamCloud Kubernetes-RCE+Kubernetes节点权限提升缩略图")
Information GatheringIP AddressOpening Ports10.10.11.133TCP:22, 2379, 2380, 8443, 10249, 1…
![[Meachines] [Easy] Bashed PHP Bash+Python计划任务权限提升缩略图](https://www.4awl.net/wp-content/cache/thumbnails/2025/01/36b553e3c27e0201221954d79345d2-400x280-c.jpg "[Meachines] [Easy] Bashed PHP Bash+Python计划任务权限提升缩略图")
Information GatheringIP AddressOpening Ports10.10.10.68TCP:80$ sudo masscan -p1-65535,U:1-…
![[Meachines] [Easy] Bank balance-transfer目录泄露+etcpasswd权限提升+SUID emergency权限…缩略图](https://www.4awl.net/wp-content/cache/thumbnails/2025/01/5d537b7d9ab3e8a865d8dc9de87ffa-400x280-c.jpg "[Meachines] [Easy] Bank balance-transfer目录泄露+etcpasswd权限提升+SUID emergency权限…缩略图")
Information GatheringIP AddressOpening Ports10.10.10.29TCP:22,53,80$ sudo masscan -p1-6553…
![[Meachines] [Easy] Academy Laravel-RCE+TRP00F权限提升+audit服务日志权限提升+composer权限提…缩略图](https://www.4awl.net/wp-content/cache/thumbnails/2025/01/3eb1a6b3fd8f5121d8b4147ad61547-400x280-c.jpg "[Meachines] [Easy] Academy Laravel-RCE+TRP00F权限提升+audit服务日志权限提升+composer权限提…缩略图")
Information GatheringIP AddressOpening Ports10.10.10.215TCP:22,80,33060$ sudo masscan -p1-…
地址:https://github.com/MartinxMax/ChameleonChameleon跨平台编译C文件,并一次性生成多个平台的可执行文件。可以通过编译Chamele…
TyrantTyrant 是一个 SUID 二进制特权升级工具,权限提升或进行横向移动。用法使用以下命令编译源代码:$ gcc tyrant.c -o tyrant 要显示帮助信息…
谷歌语法-信息收集1.查找带有ID传参的网站(可以查找sql注入漏洞)inurl:asp id=xx2.查找网站后台(多数有登陆框,可以查找弱口令,暴力破解等漏洞)site:[ht…
萌新见解,文笔微末,大佬见谅!前置知识在CTF(Capture The Flag)比赛中,Reverse Engineering(逆向工程)是一种常见的挑战类型。它主要考察选手分析…