
Basic Promise

To understand a Promise, let us first construct a basic asynchronous function that returns a Promise; then we will talk about the anatomy of the Promise.

A note: we will use timeout functions to simulate an async function.

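function foo(numIn) {
  return new Promise((resolve, reject) => {
    // Reject immediately on negative input; the return stops execution
    // here so the timer below is never scheduled.
    if (numIn < 0) {
      return reject('Negative Number');
    }
    // Simulate async work: resolve with the input after one second.
    setTimeout(() => {
      resolve(numIn);
    }, 1000);
  });
}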

So let us quickly break down what exactly is happening here. Function foo takes in a numeric value. If the value is less than 0, we reject the Promise. Otherwise we wait a second, then resolve the Promise with the value we passed in. Note that we return the reject and not the resolve, as we want to ensure the Promise finishes and does not later resolve. …


Dina is a fun, easy vulnerable machine; it can be found at VulnHub. In total I quite enjoyed this box and would definitely recommend it to anyone who is learning, as I am.

Initial Recon

As I mentioned in a previous guide, I typically use arp-scan to find the machine. Starting off, I run nmap on the target; nothing interesting comes up except an Apache server running on port 80. Taking a look in Firefox, we find the site that is running.

Dina home webpage

Looking in the source code of the HTML page, we find that the “Submit Query” button sends a POST request to /ange1; however, it seems that the actual method attribute on the form is misspelled. …


This is my walk-through of the solutions I took to complete the ch4inrulz 1.0.1 vulnerable machine. The VM can be found at VulnHub.

Initial Probing & Recon

My first step is usually to run nmap against the vulnerable machine.

nmap of VM

So it looks like we have two HTTP services, one on the typical port 80 and the other on 8011. One revealed what happened to be a standard resume site that is in progress; the other, more interestingly, was a “Development Server”.


Book Keeping

If you are interested in a cliff-noted sequence of steps I recommend that you go check out the repository used in this example. In the README I have written all the steps in a condensed version that will require leg work on your part.

For the purposes of this guide I will be assuming that:
1. You are on a UNIX/Mac OS system (apologies to Windows users! I am a little biased!)
2. You have npm and node installed (sudo apt install node npm)
3. You have not worked a lot with node; my descriptions will be brief on each topic and focused on the task at hand. I always recommend looking into the docs for further explanations on each aspect, as well as other side topics I did not cover.
3. …


So I’ve been working on my pen-testing skills and took up Matrix 1 from VulnHub. This one turned out to be quite enjoyable, also because it is now the first one I was able to do without looking up steps on what to do next. For other VMs (being relatively new to pen-testing) I had at points to look up steps on what to do next, but not for this one!

Initial Steps

The first step, like any, was a pretty simple one: find the machine itself. My usual step here is to run arp-scan. …

About

Francisco Trindade

A Full-Stack Dev/Security Enthusiast http://franciscot.me
