Newsletter 31/01/2023

This machine has a Grafana instance that is vulnerable to Directory Path Traversal without authentication. There, we can read files from the server and find the password for Grafana and for MySQL. After that, we can connect to MySQL, which is exposed, and find another password to access via SSH. The machine runs consul internally with a vulnerable configuration. After finding an authentication token in a Git repository, we can use an exploit to get RCE from consul and get access as root.

Truncated LCG. AES. Knapsack. LLL lattice reduction

DNA encoding. Substitution cipher. Frequency analysis

Windows event logs

Excel macros deobfuscation