Newsletter 31/01/2023
This machine has a Grafana instance that is vulnerable to directory path traversal without authentication. Through it, we can read files from the server and find the passwords for Grafana and for MySQL. After that, we can connect to MySQL, which is exposed, and find another password that gives access via SSH. The machine runs Consul internally with a vulnerable configuration. After finding an authentication token in a Git repository, we can use an exploit to get RCE through Consul and gain access as root.
Truncated LCG. AES. Knapsack. LLL lattice reduction
DNA encoding. Substitution cipher. Frequency analysis
Windows event logs
Excel macros deobfuscation