Decompiling Java Classes
While there are many tools that we could use to decompile Java bytecode (with various degrees of success), we will use the JD-GUI decompiler in this course. Java-based web ...
We’ll start our hunt for DOM-based XSS by searching for references to the document object. However, running a search for “document” will generate many false positives. Instead, we’ll search for “do...
Manipulation of Assembly Attributes for Debugging
Debugging .NET web applications can sometimes be a bit tricky due to the optimizations that are applied to the executables at runtime. One of the w...
Exploit-DB (searchsploit)
You can download the .cpp (C++) script with the following command:
searchsploit -m linux/local/40847.cpp
This is to compile within the compromised machine:
g++ -Wall -p...
We decided to enumerate all pages we could access without authentication using a grep search and used the results as a starting point for our analysis. grep -rnw /var/www/html/ATutor -e "^.*user_l...
Assessing the Application
The existence of bin/www, package.json, and routes/ indicates that this is a NodeJS web application. In particular, package.json identifies a NodeJS project and manages its...
Java Reconnaissance
A quick Google search leads us to a file extensions explanation page, which states that the .do extension is typically a URL mapping scheme for compiled Java code.
HTTP Routing...
Host entries: 10.10.10.248 intelligence.htb dc.intelligence.htb
If Active Directory => NTP Synchronization with the domain controller.
Content Information Leakage Kerberos Enumeration...