Retas.io is a company from PT. Solusi Siber Teknologi that offers various security services ranging from Vulnerability Assessment, Penetration Testing, to other specialized IT and security-related needs.
Recently retas.io launched a new product called retas labs which is intended to help new players entering the Infosec world. These labs are somewhat similar to Hack The Box. By using a VPN we are required to solve challenges using our IT knowledge and skills. Not only that, they also plan to …
After a long time without creating or solving challenges due to increasingly limited free time and assignments piling up, I finally received information about a challenge from a friend in a Telegram group. This challenge was created by another community called Malang Hacker Link. The challenge is quite unique and fun to solve because no “magic tricks” are required.
From the information provided, I immediately opened the link and found a form with two fields: first name and last name. Since we …
Since this machine has already been retired and is no longer considered relevant as a challenge, I decided to write a solution explaining how to complete the VM Heaven challenge from Surabaya Hacker Link.
In fact, solving this challenge does not require special hacking tools such as sqlmap or metasploit because the challenge is relatively easy. No advanced hacking knowledge is required. As long as you are familiar with the GNU/Linux operating system and understand the basics of pwning (owning) a …
As usual, in the Surabaya Hacker Link group there are various challenges. Not only admins create them, but members also submit challenges, and I helped deploy this one. Not only deploying it, of course I also tried solving it :3
Without further ado, we accessed the challenge at challshl.com.
Since I was involved during deployment, I had a slight idea where the bug was located. The cool term would be white box pentest, meaning testing by reading the website source code cmiiw.
This challenge was created when I was confused about how to explain the LFI bug Local File Inclusion during a secure coding session at STTS. Since I was quite bored with LFI to Local File Read via wrapper, I searched for LFI to RCE methods other than through self/proc/environ and found LFI to RCE via Access Log Poisoning. However, because hosting environments could not read log files in txt format, a file upload feature was created that only allows txt files. Below is the Write Up.
Well maybe the title is a bit click bait — SQL injection itself can’t directly inject all the way to an RDP account takeover xD
Actually the initial goal was just to download anime on moesubs.com, but when opening the website there was a URL that looked very suspicious: https://moesubs.com/?hal=dlrilisan&id=591 so I tried checking with ' and the site returned an error. After the error I balanced it using an SQL comment --+- and the page returned to normal, okay let’s continue …
