Newsletter 16/01/2023
This machine website that is vulnerable to NoSQL injection. Using this vulnerability, we can bypass authentication and list some hashed passwords that can be cracked. Then, we enumerate subdomains and find a MatterMost application in which we can access and find credentials for SSH in the machine. The first user is able to run a custom ELF binary that shows more credentials when using a specific master password. Finally, we can escalate privileges because the second user belongs to group docker
Knapsack. Brute force. Modular arithmetic. Shuffling. LLL lattice reduction
Twitter's API. Geolocalization
LinkedIn and Twitter. Dorks
Ethereum Görli testnet (Blockchain)
DNS. Email SPF and DMARC
Gmail and Google Maps
LinkedIn and Instagram. Dorks
Reddit. Ropsten Ethereum
75 points. Seven-segment display. Hexadecimal and Base64 encodings
50 points. DNS
100 points. RSA. Cipolla's Algorithm