Posts

Showing posts with the label writeup

How I saved $800 a year moving from DigitalOcean to Oracle Free Tier

Migrating from DigitalOcean to Oracle

Use case

My use case was relatively simple. We needed an application to track supply chain demands over time. The reason was that the company I was working with was still using hand-written notes and sending these notes to vendors, who would then transcribe them and send assets over. All of this took a lot of overhead and time; furthermore, it was very easy to forget what kind of assets had already been purchased, since there was no searchable history. The tech stack built to approach this problem was a front end built in React and hosted statically. The backend was a simple Django application, wrapping around my DB and hosting the API / backend. This was the only thing I needed to host, and honestly it could have been a completely serverless application, but I didn't want to muck around too much with serverless as this project had a timeline of a week.

DigitalOcean

DigitalOcean, as you may already know, is a cloud hosting provider for develop

THM Writeup: TheValley

TheValley

Recon

A simple Rustscan shows us that there are 3 ports open.

We see that port 22 is for SSH, port 80 is for the web server, and port 37378 is for FTP, based on the version scan from Nmap:

Trying to connect to the FTP server results in nothing, so we start looking at the web server.

Initial Foothold

We run Gobuster and find the following directories:

We look around all of them but don't notice anything interesting off the bat (using both ZAP and viewing the source code). However, we find something interesting when we run Gobuster one directory lower (on the /static directory). So we go to `/00` and find that it has a note:

So we navigate to the directory /dev1243224123123 and find a login page. Viewing the page source, we see the login username and password in the dev.js script! After logging in, it says that the credentials are re-used with FTP. So we take the same credentials and use them for FTP:

We transfer those files to our computer for further analysis. W