First, I initiate our exploration with an Nmap scan. Port 25565 shows me there is a minecraft server. Then, i include “crafty.htb” in my host file along with the machine’s IP address using the following command: echo "10.10.11.249 crafty.htb" >> /etc/hosts By visiting “crafty.htb”, i could find a minecraft introduction page. For connecting to the server. I need to download the minecraft client i..

First, I initiate our exploration with an Nmap scan. Then, i include “skyfall.htb” in my host file along with the machine’s IP address using the following command: echo "10.10.11.254 skyfall.htb" >> /etc/hosts By visiting “skyfall.htb”, i could not find anything useful information. So i runned gobuster to find which subdomain “skyfall.htb” has. The “demo.skyfall.htb” was useful. I added it in ho..

First, I initiate our exploration with an Nmap scan. Then, i include “pov.htb” in my host file along with the machine’s IP address using the following command: echo "10.10.11.251 pov.htb" >> /etc/hosts By visiting “pov.htb”, i could not find anything useful information. So i runned gobuster to find which subdomain “pov.htb” has. The “dev.pov.htb” was useful. I added it in hosts file too. There i..

First, I initiate our exploration with an Nmap scan. Then, i include “analysis.htb” in my host file along with the machine’s IP address using the following command: echo "10.10.11.250 analysis.htb" >> /etc/hosts By visiting “analysis.htb”, i could not find anything useful information. So i runned gobuster to find which subdomain “analysis.htb” has. The “internal.analysis.htb” was useful. I added..

First, i include “nagios.monitored.htb” in my host file along with the machine’s IP address using the following command: echo "10.10.11.248 nagios.monitored.htb" >> /etc/hosts I initiate our exploration with an Nmap scan. Also runned UDP scan. I have identified open port 80. Let’s access the site in a web browser for further exploration. I can not login with the crenditial from UDP scan result. ..

First, i include “bizness.htb” in my host file along with the machine’s IP address using the following command: echo "10.10.11.252 bizness.htb" >> /etc/hosts I initiate our exploration with an Nmap scan. I have identified open port 80. Let’s access the site in a web browser for further exploration. Following an analysis of all pages, let’s initiate a directory search using dirsearch. Discovered ..

이번 포스트에서는 picoCTF의 Cookies 문제에 대해 다루겠다. 문제를 클릭하면 다음과 같은 화면을 볼 수 있다. 자신이 얼마나 많은 쿠키를 좋아하는지를 물어보고 있다. placeholder에 snickerdoodle라는 쿠키가 나와있으므로 그대로 입력해서 Search 버튼을 클릭해보겠다. ### 실행 결과 : "I love snickerdoodle cookies"라는 문구가 출력된 것을 볼 수 있다. 해당 문제는 "쿠키"에 관한 문제이므로 개발자도구를 통해 페이지의 쿠키값을 확인해보겠다. Name = name, Value = 0이라고 되어 있는 것을 확인할 수 있다. 여기서 Value의 값을 다른 숫자로 변경해서 결과를 확인해보겠다. 쿠키 Value를 재설정하고 페이지를 새로고침하면 다음과 같은..