introduce

OS: Linux
Difficulty: Medium
Points: 30
Release: 10 Oct 2020
IP: 10.10.10.211

User Blood haqpl 00 days, 01 hours, 43 mins, 28 seconds.
Root Blood Ziemni 00 days, 02 hours, 59 mins, 53 seconds.

  • my htb rank

Read more »

introduce

OS: Windows
Difficulty: Hard
Points: 40
Release: 03 Oct 2020
IP: 10.10.10.210

User Blood xct 00 days, 03 hours, 08 mins, 20 seconds.
Root Blood xct 00 days, 07 hours, 06 mins, 12 seconds.

  • my htb rank

Read more »

cve-2020-0688-Exchange-远程代码执行介绍

作用

主要用于后续提权操作

影响版本

1
2
3
4
Microsoft Exchange Server 2010 Service Pack 3
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019

漏洞原理

这个漏洞是由于Exchange服务器在安装时没有正确地创建唯一的加密密钥所造成的。

具体来说,与正常软件安装每次都会产生随机密钥不同,所有Exchange Server在安装后的web.config文件中都拥有相同的validationKey和decryptionKey。这些密钥用于保证ViewState的安全性。而ViewState是ASP.NET Web应用以序列化格式存储在客户机上的服务端数据。客户端通过__VIEWSTATE请求参数将这些数据返回给服务器。攻击者可以在ExchangeControl Panel web应用上执行任意.net代码。

Read more »

安装外网kail

1.选一台外网的vps部署debian操作系统

2.更换kali源

1
2
3
4
mousepad /etc/apt/sources.list

deb http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib
deb-src http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib
Read more »

常规木马免杀处理-查杀情况记录

cs木马免杀比例

exe64 41/72
exe32 40/72

+upx之后

1
2
3
cs64           30/72       能过火绒    无法过windows defender
自解压打包后 23/71 能过火绒 无法过windows defender (success)
cs86 45/72 被火绒查杀 无法过windows defender
Read more »

introduce

OS: Linux
Difficulty: Easy
Points: 20
Release: 26 Sep 2020
IP: 10.10.10.209

User Blood jkr 00 days, 00 hours, 36 mins, 05 seconds.
Root Blood xct 00 days, 00 hours, 36 mins, 12 seconds.

  • my htb rank

Read more »

serialize01

源码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
<?php

class A{
public $classname;
function __toString(){
echo file_get_contents($this->classname);
return "";
}
}

echo unserialize($_GET['a']);
highlight_file(__FILE__);

?>
Read more »

introduce

OS: Linux
Difficulty: Medium
Points: 30
Release: 05 Sep 2020
IP: 10.10.10.206

User Blood qtc 00 days, 00 hours, 19 mins, 35 seconds.
Root Blood Lemming 00 days, 00 hours, 32 mins, 04 seconds.

  • my htb rank

Read more »

introduce

OS: Linux
Difficulty: Hard
Points: 40
Release: 29 Aug 2020
IP: 10.10.10.205

User Blood szymex73 00 days, 00 hours, 44 mins, 52 seconds.
Root Blood InfoSecJack 00 days, 02 hours, 08 mins, 18 seconds.

  • my htb rank

Read more »