Zetta write-up by limbernie

From RFC2428 to capture IPv6 address, to rsync hidden module, to SQLi through syslog. What a ride!


That is a great writeup, thanks for sharing)

very good

That was a really good summary of the box! One thing I’d like to add is that you could also log the INSERT INTO commands for debugging purposes via /var/log/postgres/main/log.1 (something like that, I don’t have my VM on right now).

Great job! I think it is worth mentioning which configuration mistake makes it possible to download the contents of /etc.