Hi there 🦜

I’m Jannis, a 26-year-old pentester from Germany 🇩🇪 with over 3 years of experience and an OSCP certification. I’ll be sharing mainly IT-related content here, but who knows what else might pop up. In my free time, I enjoy diving into challenges on platforms like Hack The Box and TryHackMe 🕵️‍♂️, as well as tinkering with my car and electronics 🚗💻.

HackTheBox - Usage.htb

User flag: A web server and a subdomain, that’s enough to start with. A quick URL scrape revealed that the technology in use might be Laravel. Running ffuf revealed a rate-limiting mechanism. If you spam the server too much, it returns a 503 error. Therefore, I had to limit ffuf:

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://usage.htb/FUZZ -t 1 -p 0.1

Still nothing useful found, until I manually inspected the forms and saw this:...

May 5, 2024 · Jannis

HackTheBox - Runner.htb

User flag: My initial reconnaissance scan revealed two web servers and an SSH server. After endless searching, I stumbled upon an HTTP header that stated that this site was powered by TeamCity, which is a virtual host on the server too. This took quite a while for me. http://teamcity.runner.htb/login.html is vulnerable to CVE-2023-42793, which allows any user to create an admin account.

python CVE-2023-42793.py -u http://teamcity.runner.htb

That was easy....

May 5, 2024 · Jannis

HackTheBox - Intuition.htb

User flag: My initial reconnaissance scan revealed some interesting virtual hosts on the web server. The most promising virtual host was report.comprezzor.htb, featuring a form for error reporting to the development team. Initially, it appeared ripe for XSS exploitation, which indeed turned out to be the correct approach. After waiting for some time, I received a request on my HTTP server with a JWT cookie. Adding that cookie to my jar and then opening the http://dashboard....

May 5, 2024 · Jannis

Restoring an old Metabo Sb EDV 800/2S R+L Drill

While scrolling through old machines on Kleinanzeigen, I stumbled upon this wonderful Metabo Sb EDV 800/2S R+L drill, which I could not resist buying and which would be a really good addition to my workshop in a drill stand. So without wasting a second, I bought it for €25 and started researching how to replace the electric motor’s carbon brushes and where to renew the grease to make it work like on day one....

May 1, 2024 · Jannis

Replacing the saw blade of an Einhell TC-SM 2131/2 Dual

I recently received the Einhell TC-SM 2131/2 Dual miter saw as a birthday present from my lovely girlfriend and decided to pimp it with a Premium saw blade from Falkenwald that is optimized for fine cuts. The first thing you need to pay attention to is the size of the saw blade. In my case it is 210mm × 30mm; you should be able to buy it on Amazon. To remove the original saw blade from the miter saw, you need to unscrew the following screw....

May 1, 2024 · Jannis

Writing a Bash Script to Backup to Backblaze B2

In this tutorial, we’ll walk through the creation of a bash script that utilizes Restic to perform backups to Backblaze B2 cloud storage and sends email notifications in case of failure. Restic is a modern backup program that offers efficient deduplication and encryption features. Prerequisites: Before getting started, make sure you have the following: a Backblaze B2 account and access keys; Restic installed on your system; access to an SMTP server for sending emails. Script Overview: The bash script should perform the following tasks:...

April 26, 2024 · Jannis
MrCat a Signal Bot

Writing a Signal Bot in Python

I’m in the process of developing a Signal bot with the capability to automatically download videos. Additionally, I’m exploring the potential to integrate features such as reminders and scheduled calls into its functionality. Keep an eye out for further developments on this project! To run the Signal bot, you need to install the corresponding PyPI package and configure the signal-cli-rest-api on your host system. https://github.com/filipre/signalbot https://github.com/bbernhard/signal-cli-rest-api#getting-started Execute the following command to install the dependencies via pip:...

April 25, 2024 · Jannis

Run a TShock Terraria Server on Proxmox in an LXC Container

After rediscovering an old favorite in the Google Play Store, Terraria, a game I adored playing in my youth, I felt inspired to set up a server on my Proxmox server for some nostalgic gaming sessions during my downtime. To my surprise, I found that it was possible to connect to a standard desktop server using the Android version. A brief Google search led me to TShock (https://github.com/Pryaxis/TShock), a community-maintained open-source Terraria server written in C#....

April 20, 2024 · Jannis