Nmap Cheatsheet 2020

Nmap 7.70
Usage: nmap [Scan Type(s)] [Options] {target specification}

TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24,; 10.0.0-255.1-254
-iL : Input from list of hosts/networks
-iR : Choose random targets
--exclude : Exclude hosts/networks
--excludefile : Exclude list from file

HOST DISCOVERY:
-sL: List Scan - simply list targets to scan
-sn: Ping Scan - disable …

Hackthebox Magic writeup

Introduction

It is a medium machine from the Hack The Box platform. It has a simple authentication bypass that allows uploading a malicious file, followed by jumping to a user and then privilege escalation using SUID.

Steps involved

1- Port scan
2- Visiting website
3- Authentication bypass
4- Encoding PHP inside image
5- Uploading malicious file and bypassing security check
6- Uploading PHP reverse shell
7- Getting full shell
8- Getting db user creds
9- Jumping …