Merge branch 'main' of https://github.com/B333F/writeups

54toshi · Dec 3, 2023 · 5cd24a0 · 5cd24a0
2 parents 0e62683 + a208918
commit 5cd24a0
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/THM/dreaming.md b/THM/dreaming.md
@@ -1,10 +1,11 @@
 # dreaming
-Solve the riddle that dreams have woven.
+Solve the riddle that dreams have woven. <br>
+https://tryhackme.com/room/dreaming
 
 
 ## 1. lucien flag
 
-on http://MACHINE_IP/app/pluck-4.7.13/ runs https://github.com/pluck-cms/pluck. To access the admin panel you need to guess the password which is "password". The pluck version 4.7.13 has an RCE vulnerability - CVE-2020-29607, for which there is an exploit available at exploit-db. Just change the ip, port, password in the script, and then try to view the uploaded image in the webapp, which will trigger the webshell inside the image. <br>
+on http://MACHINE_IP/app/pluck-4.7.13/ runs https://github.com/pluck-cms/pluck. To access the admin panel you need to guess the password which is "password". The pluck version 4.7.13 has an RCE vulnerability - CVE-2020-29607, for which there is an exploit available at exploit-db. Just change the ip, port and password in the script and execute, then try to view the uploaded image in the webapp, which will trigger the webshell inside the image. <br>
 https://nvd.nist.gov/vuln/detail/CVE-2020-29607 <br>
 https://www.exploit-db.com/exploits/49909
 

diff --git a/THM/pickle_rick.md b/THM/pickle_rick.md
@@ -1,9 +1,10 @@
 
 # pickle rick
-- you get an ip address (10.10.209.99) with the instructions to find 3 ingredients/ flags
+you get an ip address (10.10.209.99) with the instructions to find 3 ingredients/ flags <br>
+https://tryhackme.com/room/picklerick
 
 
-# solution 
+## solution 
 1. its an webserver with an login page under <ip>/login.php
 2. the user is found in the main html source code, the password is found in <ip>/robots.txt
 3. the input field is an linux shell: