local file inclusion

Medusa from HackMyVM Writeup – Walkthrough

Krishna UpadhyayFebruary 6, 2023February 8, 2023Securitybruteforce, disk group, fuzzing, hackmyvm, LFI, local file inclusion, log poisoning, security, sudo abuse, walkthrough, writeupNo Comments

Medusa is a lengthy machine from the platform HackMyVM despite being easy. The machine’s author is noname and I must pay respect to him for putting effort into this machine. The VM includes many fuzzing techniques for subdomain enumeration and directory enumeration. Likewise, it also asks us to brute-force hashes to get passwords. “Medusa from […]

Catland walkthrough from HackMyVM – Writeup

Krishna UpadhyayJanuary 14, 2023January 14, 2023Securitycatland, file permissions, hackmyvm, LFI, local file inclusion, security, sudo abuse, walkthrough, writeupNo Comments

HackMyVM has added a new medium-difficulty machine “Catland” by cromiphi. This machine features subdomain enumeration, local file inclusion, insecure file permissions and sudo abuse. However, for the domain name, you need to take the help of the VM box. “Catland walkthrough from HackMyVM – Writeup” Click here to go to the download page of Catland […]

Hi! Sorry for the late reply. To achieve LFI and RCE, the vulnerability must present in the server-side script (i.e.…

Hello! I wanted to explore the 'opus-details.php', so started with .php?id=<script>alert("test")</script> and got a pop up. Wanted to leverage this,…

You need to make it executable as chmod +x pspy64

i am getting -bash: ./pspy64: Permission denied. what am I suppose to do

I simply copy the public key from my .ssh/ directory to authorized_keys. In this post, I created a file in…