We covered the solution of The Ether: Evil Science Vulnhub free lab by demonstrating Remote Code Execution through SSH.
Lately, I’ve been enjoying creating hacking challenges for the security community. This new challenge encapsulates a company, entitled – The Ether, who has proclaimed an elixir that considerably alters human welfare. The CDC has become suspicious of this group due to the nature of the product they are developing.
The Goal
The goal is to find out what The Ether is up to. You will be required to break into their server, root the machine, and retrieve the flag. The flag will contain more information about The Ether’s ominous operations regarding this medicine.
Any Hints?
This challenge is not for beginners. There is a relevant file on this machine that plays an important role in the challenge, do not waste your time trying to de-obfuscate the file, I say this to keep you on track. This challenge is designed to test you on multiple areas and it’s not for the faint of heart!
Last Words
Whatever you do, do not give up! Exhaust all of your options! Looking forward to having OSCPs take this challenge. As always, good luck, have fun, God bless, and may the s0urce be with you.
Log File Poisoning | Log Injection
Log files are generally used by applications to keep track of past events or transactions for review, data collection, or troubleshooting. Reviewing log files can be done manually as needed, depending on the application, or automatically using a tool that sifts through logs looking for noteworthy occurrences or trending data.
An attacker may be able to spoof log entries or introduce malicious content when an application writes unvalidated user input into its log files. We refer to this as log injection.
Vulnerabilities involving log injection arise when:
An application receives data from an untrusted source.
The data is written to an application or system log file.
Successful log injection attacks may result in:
Injection of new or fake log events (log forging via log injection)
Injection of XSS payloads, with the goal of getting a malicious log event viewed in a vulnerable web application
Injection of commands that parsers (such as PHP parsers) are capable of executing
A frequent web application vulnerability is local file inclusion, which lets attackers read private server files and occasionally even run remote commands. It arises from poorly designed code or improper input validation.
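As a defensive illustration of the three outcomes listed above, the following added example (not code from the lab or from the challenge author) neutralizes untrusted fields before they are written to a log and flags lines that were written raw. The log line format, function names and sample inputs are assumptions constructed for this example.

```python
import re

# Control characters (CR and LF included) let one input start a new, forged log line.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
# Characters that open tags for a log viewer or a parser; the backslash is
# escaped too so the \xNN escapes produced below stay unambiguous.
_ESCAPES = {"\\": "\\\\", "<": "&lt;", ">": "&gt;", "&": "&amp;",
            '"': "&quot;", "'": "&#x27;"}


def neutralize(value: str, max_len: int = 256) -> str:
    """Return value in a form that is safe to embed in a single log line."""
    value = value[:max_len]  # bound the size of attacker-supplied fields
    value = "".join(_ESCAPES.get(ch, ch) for ch in value)
    # Replace each control character with a visible \xNN escape.
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), value)


def format_failed_login(user: str, source_ip: str) -> str:
    """Build one log line from untrusted fields (hypothetical format)."""
    return "auth failure user=%s src=%s" % (neutralize(user), neutralize(source_ip))


def looks_injected(line: str) -> bool:
    """Flag an already-written log line carrying raw tags or control bytes."""
    line = line.rstrip("\r\n")  # the line terminator itself is expected
    return bool(re.search(r"<\?|<script|<%", line, re.I) or _CONTROL.search(line))


# Constructed sample inputs, one per outcome listed above.
SAMPLES = [
    "alice\n2024-01-01 auth success user=root",  # forged second log entry
    "<script>alert(1)</script>",                 # markup aimed at a log viewer
    "<?php echo 1; ?>",                          # tag a PHP parser would execute
]

if __name__ == "__main__":
    for sample in SAMPLES:
        raw = "auth failure user=" + sample
        safe = format_failed_login(sample, "10.0.0.5")
        print(looks_injected(raw), looks_injected(safe), safe)
```

Neutralizing on write keeps the log inert even if it is later rendered in a browser or reached through a file inclusion flaw; the detector is for reviewing logs that were written without that step.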