CVE-2014-6278

We want to see whether ChatGPT or other AI-LLM (Microsoft New_Bing or Google Bard) are able to help the user to go to some test environment to run cmds to solve the CTF problems (Whether the AI large language models can understand the challenge question and capture the question flags)

ChatGPT(AI LLM)_on_CTF Project Design Purpose: We want to see whether ChatGPT or other AI-LLM (Microsoft New_Bing or Google Bard) are able to help the user to go to some test environment to run cmds to solve the CTF problems (Whether the AI large language models can understand the challenge question and capture the question flags) And we will also show some use cases about ho

Find SearchSploit exploits by CVE-IDs / dpkg status file

cvesploit Find SearchSploit exploits by CVE-IDs / dpkg status file CVE Mode Vulnerablitiy Scanners often return the CVE-IDs in their scans /cvesploit CVE-2018-11776 CVE-2018-11776 Apache Struts 23 < 2334 / 25 < 2516 - Remote Code Execution (1) exploits/linux/remote/45260py Apache Struts 23 < 2334 / 25 < 2516 -

Shellshock Vulnerability Scanner

ShellScan ShellScan - A simple Shellshock Vulnerability Scanner in python allows cyber security researchers to explore and discover new application and systems that vulnerable to the ShellShock exploit ShellScan supports different BASH vulnerabilities: CVE-2014-6271 and CVE-2014-6278 to be tested by cyber security researchers in order to explore and discover new applications a

Performed an RCE by exploiting the "Shellshock" vulnerability and hijacked a webserver.

OSCP Prep - SickOs 11 Note: This box was completed long ago and I am going off of the VMware snapshot I saved after completion, some visuals will be missing and explained instead Objective We must go from visiting a simple website to having root access over the entire web server We'll download the VM from here and set it up with VMware Workstation 16 Once the machine i

Performed an RCE by exploiting the "Shellshock" vulnerability and hijacked a webserver.

OSCP Prep - SickOs 11 Note: This box was completed long ago and I am going off of the VMware snapshot I saved after completion, some visuals will be missing and explained instead Objective We must go from visiting a simple website to having root access over the entire web server We'll download the VM from here and set it up with VMware Workstation 16 Once the machine i

Cisco UCS Manager 21(1b) Shellshock Exploit CVE-2014-6278 Confirmed on version 21(1b), but more are likely vulnerable Cisco's advisory: toolsciscocom/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash Exploit generates a reverse shell to a nc listener Exploit Author: @thatchriseckert Exploit goes after a specific cgi script in Cisco UCS ma

Performed an RCE by exploiting the "Shellshock" vulnerability and hijacked a webserver.

OSCP Prep - SickOs 11 Note: This box was completed long ago and I am going off of the VMware snapshot I saved after completion, some visuals will be missing and explained instead Objective We must go from visiting a simple website to having root access over the entire web server We'll download the VM from here and set it up with VMware Workstation 16 Once the machine i

We want to see whether ChatGPT or other AI-LLM (Microsoft New_Bing or Google Bard) are able to help the user to go to some test environment to run cmds to solve the CTF problems (Whether the AI large language models can understand the challenge question and capture the question flags)

ChatGPT(AI LLM)_on_CTF Project Design Purpose: We want to see whether ChatGPT or other AI-LLM (Microsoft New_Bing or Google Bard) are able to help the user to go to some test environment to run cmds to solve the CTF problems (Whether the AI large language models can understand the challenge question and capture the question flags) And we will also show some use cases about ho

CTF Writeup

0day First as usual, nmap # Nmap 792 scan initiated Tue Dec 7 15:07:13 2021 as: nmap -vvv -p 22,80 -sCV -oA init 101018175 Nmap scan report for boxip (101018175) Host is up, received conn-refused (021s latency) Scanned at 2021-12-07 15:07:14 +07 for 14s PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack OpenSSH 661p1 Ubuntu 2ubuntu213 (Ubuntu Linu

Penetration Testing /Ethical Hacking Pentesting Tools and Softwares Engagement It is the act of hacking into a company's netework after obtaining permission It has 5 stages Planning and Reconnaissance /information gathering Scanning Exploitation Post Exploitation Reporting Planning and prep for attack Types of Pen Testing No view or black box hacking into a compan

Cyberscecurity Project 2 Introduction Within this project, we'll utilize the Metasploit Framework to execute diverse attacks on a virtual machine (VM) hosting Metasploitable 3 and running Snort The plan involves conducting five attacks, with three of them being detectable by Snort, while the remaining two will go undetected by Snort Setting up the Metasploitable VM First

Penetration Testing /Ethical Hacking Pentesting Tools and Softwares Engagement It is the act of hacking into a company's netework after obtaining permission It has 5 stages Planning and Reconnaissance /information gathering Scanning Exploitation Post Exploitation Reporting Planning and prep for attack Types of Pen Testing No view or black box hacking into a compan