bunthut – Page 2 – unordnung.net /misc/

The Marketplace – writeup tryhackme

24 October 2020 by bunthut

The Marketplace writeup tryhackme jwt token found Cookie: token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOjQsInVzZXJuYW1lIjoibW9hIiwiYWRtaW4iOmZhbHNlLCJpYXQiOjE2MDMxODQzNzB9.cHhTfERXZoGvHZu5wEFEqRN5paZc6FZIH8AUPVFcHsY decoded its: {“alg”:”HS256″,”typ”:”JWT”}{“userId”:1,”username”:”michael’ or 1=1″,”admin”:true,”iat”:1603184370} eyJ1c2VySWQiOjQsInVzZXJuYW1lIjoibW9hIiwiYWRtaW4iOnRydWUsImlhdCI6MTYwMzE4NDM3MH0= Cookie: token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOjEsInVzZXJuYW1lIjoibWljaGFlbCcgb3IgMT0xIiwiYWRtaW4iOnRydWUsImlhdCI6MTYwMzE4NDM3MH0K.cHhTfERXZoGvHZu5wEFEqRN5paZc6FZIH8AUPVFcHsY ok since i found an reflected xss and there was an ability to report stuff to admins which are automatically responded to by an admin account, we can steal their cookies. i’m running a cookie stealer and injected … Read moreThe Marketplace – writeup tryhackme

sed dislikes \d \w regex syntax

29 September 2020 by bunthut

Reminder to not use \d, \w and such regex tokens when using regex with the linux streamline editor sed. Use [0-9] and [a-z] instead. Made me ask my first question on stackoverflow and getting downvoted for it 😛 https://regex101.com btw… when dealing with regular expressions, a handy tool. would be nice to have a sed … Read moresed dislikes \d \w regex syntax

Finally Brainfuck, a THM writeup of BlobBlog

23 September 2020 by bunthut

Well it was anno 1998 when an older friend showed me the brainfuck programing language and what I took from this evening was, that such creepy codes are what’s needed for getting into hacking. That made me stay away from really digging into hacking until 20 years later. +[—>++<]>+.+++[->++++<]>.—.+++++++++.-[->+++++<]>-.++++[->++<]>+.-[->++++<]>.–[->++++<]>-.-[->+++<]>-.–[—>+<]>–.+[—->+<]>+++.[->+++<]>+.-[->+++<]>.-[—>++<]>+.–.—–.[->+++<]>.————.+[—–>+<]>.–[—>+<]>.-[—->+<]>++.++[->+++<]>.++++++++++++.———.—-.+++++++++.———-.–[—>+<]>—.+[—->+<]>+++.[->+++<]>+.+++++++++++++.———-.-[—>+<]>-.++++[->++<]>+.-[->++++<]>.–[->++++<]>-.——–.++++++.———.——–.-[—>+<]>-.[->+++<]>+.+++++++++++.+++++++++++.-[->+++<]>-.+[—>+<]>+++.——.+[—->+<]>+++.-[—>++<]>+.+++.+.————.++++++++.-[++>—<]>+.+++++[->+++<]>.-.-[->+++++<]>-.++[–>+++<]>.[—>++<]>–.+++++[->+++<]>.———.[—>+<]>–.+++++[->+++<]>.++++++.—.[–>+++++<]>+++.+[—–>+<]>+.———.++++.–.+.——.+++++++++++++.+++.+.+[—->+<]>+++.+[->+++<]>+.+++++++++++..+++.+.+[++>—<]>.++[—>++<]>..[->++<]>+.[—>+<]>+.+++++++++++.-[->+++<]>-.+[—>+<]>+++.——.+[—->+<]>+++.-[—>++<]>–.+++++++.++++++.–.++++[->+++<]>.[—>+<]>—-.+[—->+<]>+++.[–>+++<]>+.—–.————.—[->++++<]>.————.—.+++++++++.-[->+++++<]>-.++[–>+++<]>.——-.————.—[->++++<]>.————.—.+++++++++.-[->+++++<]>-.—–[->++<]>-.–[—>++<]>-. It seems my trauma comes true, … Read moreFinally Brainfuck, a THM writeup of BlobBlog

Writeup GamingServer TryHackMe

23 September 2020 by bunthut

Running a simple Content discovery with burp, you will find a secret folder with a private ssh key and a corresponding wordlist to crack it. load it to john with 2john and you got its pass. allowing a ssh login with the key as the user, which you’d found in comments on the site. yes … Read moreWriteup GamingServer TryHackMe

Space Station use debian, btw

4 September 2020 by bunthut

Automate the boring stuff with bash

20 August 2020 by bunthut

I really start to love bash. And dislike python. I’m not good at both, but i like to automate boring, repeative tasks. Being a pentester and network admin using linux (of course) i’m working a lot in the shell, editing connfig files, checking network devices and such things. I encounter a lot of problems which … Read moreAutomate the boring stuff with bash

UO is free to play

31 July 2020 by bunthut

When I was 13 years old I was discovering multiplayer games. That was in the end of the 90s and Internet was still very expensive and paid by the minute usually. You gotta dial up your 56k modem and occupy your families phone line. That made internet cafe’s popular and by the time a new … Read moreUO is free to play

Ransomeware in 1992

29 July 2020 by bunthut

The german “Die Drei Fragezeichen” (The three ???, a fictional detective trio from german audio drama for kids, which is popular among adults nowadays) investigated in a floppy disc driven malware attack in the episode 056/Angriff der Computer-Viren (Attack of the computer viruses). Funnily the whole threat model reminds heavily of todays ransomewares. The three … Read moreRansomeware in 1992

Wanna learn? tryhackme.com.

28 July 2020 by bunthut

I recently discovered tryhackme.com and I am so stunned by the awesome material. You won’t need any other site to learn pentesting anymore and it’s mostly free. It’s FULL of vulnerably boxes you scan spin up in the cloud privately with and without walkthroughs. Pure awesomeness…

Learning SSRF with Portswigger Labs

29 January 2020 by bunthut

Basic SSRF against the local Server https://portswigger.net/web-security/ssrf/lab-basic-ssrf-against-localhost When accessing a product page an check stock link checks the stock through an API on some URL. We just need to change the url to localhost/admin where we can see user delete links and here we go with the request to delete that carlos: POST /product/stock HTTP/1.1 … Read moreLearning SSRF with Portswigger Labs