Passphrase
HTML/string to encrypt
<head> <meta charset='utf-8'> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="stylesheet" href="/assets/css/style.css?v=919a3b46ced0493a86132cdfcf9875926120fa07"> <!-- Begin Jekyll SEO tag v2.7.1 --> <title>monitor | Hacker blog</title> <meta name="generator" content="Jekyll v3.9.0" /> <meta property="og:title" content="monitor" /> <meta property="og:locale" content="en_US" /> <meta name="description" content="GitHub Pages for writeups, programming, Walkthroughts" /> <meta property="og:description" content="GitHub Pages for writeups, programming, Walkthroughts" /> <link rel="canonical" href="https://th4n4t0.github.io/monitors" /> <meta property="og:url" content="https://th4n4t0.github.io/monitors" /> <meta property="og:site_name" content="Hacker blog" /> <meta name="twitter:card" content="summary" /> <meta property="twitter:title" content="monitor" /> <script type="application/ld+json"> {"description":"GitHub Pages for writeups, programming, Walkthroughts","headline":"monitor","url":"https://th4n4t0.github.io/monitors","@type":"WebPage","@context":"https://schema.org"}</script> <!-- End Jekyll SEO tag --> </head> <body> <header> <div class="container"> <a id="a-title" href="/"> <h1>Hacker blog</h1> <h2></h2> </a> <section id="downloads"> <a href="/" class="btn btn-github"><span class="icon"></span>View Home</a> </section> </div> </header> <div class="container"> <section id="main_content"> <p>Monitors was a Hard difficulty Linux box created by TheCyberGeek. Initial foothold on the box was to find a vulnerable wordpress plugin with a LFI, using which we can read file descriptor and read apache logs. From the logs we get a new subdomain (Host) on the box for cactic, Also using the LFI we can read wp-configs.php which contained a credentials. Using Credentials Spraying we find that is the admin Credentials for cactic. Checking the Version for exploits we find that version of cactic is Vulnerable to SQLi which can be converted to RCE. Using which we get a shell on the box as www-data. Enumerating the box we find a service from crontab, following that we find credential for the user of the box. Enumerating the box as user marcus we see a notes.txt in his home directory. Following that hint we find a weird local only service running. port forwarding that service we discover that is an apache ofbiz. Trying a msf module for that give us a root shell in an docker container. Enumerating that we see we have CAP_SYS_MODULE capability and following Hacktrick docker escape we can get a root shell on the box.</p> </section> </div> </body> </html> " >
+ More options
Page title
Instructions to display the user
Embed crypto-js into your file
?
Generate passphrase protected HTML
Encrypted HTML
Download html file with password prompt
Your encrypted string