Intro
So after I created a CTF challenge on Botani CTF about ImageTragick, I was curious whether there are any web apps that are still vulnerable to this bug, so I started to test well-known startups in Indonesia, namely Bukalapak and Tokopedia. Bukalapak and Tokopedia are C2C marketplaces in Indonesia where anyone can open an online store to serve prospective buyers from all over Indonesia.
The ImageTragick bug was discovered 3 months ago by Nikolay Ermishkin.
Intro
So I came across the subreddit /r/oscp recently and found a comment that suggests practicing hacking VulnHub VMs before taking the PWK course. One of the most recommended VMs is SickOS. In this post I will try to explain how I hacked SickOS 1.1.
Scanning and Discovery
I configured the SickOs VM network as host-only, so it has access to my machine.
First, I need to know the IP address of the target. I use netdiscover to do it, and I set the network interface to vboxnet0, the same as SickOs