Now we know for sure there is a /.git/ folder on the server. We can use a tool like Git dumper to extract all of the information from the git folder onto our own machine and take a look at the source code.
ARBITRARY REMOTE LEAK with CVE-2022-44268
ImageMagick
ImageMagick is a powerful, open-source software suite for creating, editing, converting, and manipulating images in over 200 formats. Ideal for web developers, graphic designers, and researchers, it offers versatile tools for image processing, including batch processing, format conversion, and complex image transformations.
CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis
When we ran cargo run "/etc/passwd", we got an image with code injected into it. After uploading it to the server and downloading the "shrunken" version, we can run identify -verbose {image} to get the hex-encoded output for our input. Pasting that into something like CyberChef and converting it from hex to ASCII, we get this output:
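A defender-side check for the upload path described above, as an added example that is not from the original post: CVE-2022-44268 is triggered by a PNG text chunk whose keyword is "profile" and whose value names a file for ImageMagick to read, so the code below flags such chunks before an image reaches the resizer. The function names and the sample bytes are constructed for illustration.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = {b"tEXt", b"zTXt", b"iTXt"}  # all begin with "keyword\0"

def iter_chunks(data):
    """Yield (type, payload) per PNG chunk; ValueError on malformed input."""
    if not data.startswith(PNG_MAGIC):
        raise ValueError("not a PNG file")
    pos = len(PNG_MAGIC)
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4  # header + payload + CRC
        if end > len(data):
            raise ValueError("truncated chunk")
        yield ctype, data[pos + 8:pos + 8 + length]
        if ctype == b"IEND":
            return
        pos = end

def suspicious_profile_chunks(data):
    """Return [(chunk_type, value)] for text chunks whose keyword is 'profile'.

    CRCs are deliberately not verified: a chunk is reported even if damaged.
    """
    hits = []
    for ctype, payload in iter_chunks(data):
        if ctype in TEXT_CHUNKS:
            keyword, _, value = payload.partition(b"\x00")
            if keyword.strip().lower() == b"profile":
                hits.append((ctype.decode("ascii"), value.decode("latin-1")))
    return hits

def build_sample(keyword, value):
    """Constructed test input: IHDR + one tEXt + IEND, no image data."""
    def chunk(ctype, payload):
        crc = zlib.crc32(ctype + payload)
        return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    text = keyword + b"\x00" + value
    return PNG_MAGIC + chunk(b"IHDR", ihdr) + chunk(b"tEXt", text) + chunk(b"IEND", b"")

if __name__ == "__main__":
    print(suspicious_profile_chunks(build_sample(b"profile", b"/etc/passwd")))
    print(suspicious_profile_chunks(build_sample(b"Comment", b"holiday photo")))
```

An upload handler can reject flagged files or strip the chunk before conversion; this complements upgrading ImageMagick and does not replace it.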