fix the hacking tutorials

nihilist 2025-05-07 08:27:22 +02:00
parent 325b9c3814
commit 673311896a
21 changed files with 207 additions and 489 deletions

@ -45,7 +45,7 @@ Our nmap scan picked up Apache Tomcat running on port 8080 so let's investigate
![](prg/67_001.png)
So the webserver is apparently a YAML parser, similarly to the [Time](64.html) box, this is probably about deserialization, however unlike for the Time box, giving it random data does not necessarily reveal the backend that's being used. Rather we can simply base our assumption that it is running a java backend because we saw that we were on apache tomcat. So let's look for YAML java deserialization payload by googling a bit, and we stumble upon [this](https://swapneildash.medium.com/snakeyaml-deserilization-exploited-b4a2c5ac0858) article, so let's first verify that this webserver is vulnerable with the following payload:
So the webserver is apparently a YAML parser, similarly to the [Time](64.md) box, this is probably about deserialization, however unlike for the Time box, giving it random data does not necessarily reveal the backend that's being used. Rather we can simply base our assumption that it is running a java backend because we saw that we were on apache tomcat. So let's look for YAML java deserialization payload by googling a bit, and we stumble upon [this](https://swapneildash.medium.com/snakeyaml-deserilization-exploited-b4a2c5ac0858) article, so let's first verify that this webserver is vulnerable with the following payload:
!!javax.script.ScriptEngineManager [
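Review bot: The commit message should state that this is a link-target migration, because on the changed paragraph line the only difference is `[Time](64.html)` becoming `[Time](64.md)`, which "fix the hacking tutorials" does not convey. Please confirm that `64.md` exists at the same relative path, since the diff alone cannot show whether the new target resolves. While the line is being touched, the payload that follows it (`!!javax.script.ScriptEngineManager [`) appears in this hunk as ordinary body text; if it is not inside a code fence in the file, fence it so the Markdown renderer leaves the `!!` and `[` characters alone.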