Posts: 7 Threads: 0 Joined: N/A A pirate has been founded in 1916 in the battle of domo somo. Posts: 2 Threads: 0 Joined: N/A (May 17, 2022, 03:14 PM)fa23fsed23 Wrote: (May 17, 2022, 02:42 PM)testing Wrote: (May 17, 2022, 11:59 AM)fa23fsed23 Wrote: (May 17, 2022, 10:15 AM)mrjxsw Wrote: Can anyone who solved the Android-in-the-Middle share the steps????
google how to bypass ssl pinning
How to capture the request? do we need Frida ?
frida, zap or burp all will work writeup please Posts: 41 Threads: 0 Joined: N/A (May 17, 2022, 03:14 PM)fa23fsed23 Wrote: (May 17, 2022, 02:42 PM)testing Wrote: (May 17, 2022, 11:59 AM)fa23fsed23 Wrote: (May 17, 2022, 10:15 AM)mrjxsw Wrote: Can anyone who solved the Android-in-the-Middle share the steps????
google how to bypass ssl pinning
How to capture the request? do we need Frida ?
frida, zap or burp all will work short writeup please Posts: 18 Threads: 0 Joined: N/A Anyone who solved Red island or Spiky Tamagotchy or Genesis wallet PM me for exchanging :) Posts: 3 Threads: 0 Joined: N/A (May 14, 2022, 09:16 PM)fa23fsed23 Wrote: Red Island - RCE via ssrf ( redis ) Can you give other nudges plz ? ... i reached gopher:// , did config get *, dumped the database , but fails to get RCE Posts: 37 Threads: 0 Joined: N/A (May 17, 2022, 08:03 PM)CyberSamurai Wrote: (May 14, 2022, 09:16 PM)fa23fsed23 Wrote: Red Island - RCE via ssrf ( redis )
Can you give other nudges plz ? ... i reached gopher:// , did config get *, dumped the database , but fails to get RCE you have to read /flag.txt there are few ways how you can do it Posts: 3 Threads: 0 Joined: N/A where is exactly the flag ? is it o the server or on the redis database ? i've dumped the whole database but got only one record , also i've got all keys but didn't finnd the flag in it , had tried tens of payloads but no luck , however i can read files directly from the search bar using file:// schema but i don't know the exact place of the flag Posts: 3 Threads: 0 Joined: N/A anyone have any advise on what to look for in Space pirate: Going Deeper? What tool should I use on it? Posts: 37 Threads: 0 Joined: N/A flag is on the server, redis just used to save the sessions Posts: 41 Threads: 0 Joined: N/A (May 17, 2022, 10:31 PM)CyberSamurai Wrote: where is exactly the flag ? is it o the server or on the redis database ? i've dumped the whole database but got only one record , also i've got all keys but didn't finnd the flag in it , had tried tens of payloads but no luck , however i can read files directly from the search bar using file:// schema but i don't know the exact place of the flag what is the place that we can do this? |
