Newsletter 16/01/2023

This machine website that is vulnerable to NoSQL injection. Using this vulnerability, we can bypass authentication and list some hashed passwords that can be cracked. Then, we enumerate subdomains and find a MatterMost application in which we can access and find credentials for SSH in the machine. The first user is able to run a custom ELF binary that shows more credentials when using a specific master password. Finally, we can escalate privileges because the second user belongs to group docker

Knapsack. Brute force. Modular arithmetic. Shuffling. LLL lattice reduction

Twitter's API. Geolocalization

LinkedIn and Twitter. Dorks

Ethereum Görli testnet (Blockchain)

DNS. Email SPF and DMARC

Gmail and Google Maps

LinkedIn and Instagram. Dorks

Reddit. Ropsten Ethereum

75 points. Seven-segment display. Hexadecimal and Base64 encodings

50 points. DNS

100 points. RSA. Cipolla's Algorithm