Strutted (September 10, 2025): Information Leakage; Apache Struts Exploitation [CVE-2024-53677]; Apache Struts, Interceptors and OGNL Expression Language Explained; Abusing File Upload (Malicious JSP File); Abusing Sudoers Privilege (tcpdump) [Privilege Escalation]
PermX (November 15, 2024): eWPT; eJPT; Subdomain Enumeration; Chamilo LMS Exploitation Unauthenticated Command Injection [CVE-2023-31803] (RCE); Information Leakage; Abusing Sudoers Custom Bash Script (playing with setfacl) [Privilege Escalation]
Mailing (September 21, 2024): CVE-2024-21413; CVE-2023-2255; nmap; hashcat; john; responder; evil-winrm; podman; crackmapexec; swaks; netcat; smbclient; nishang; libreoffice; powershell; smb; smtp; ntlm; ws-management
Lame (June 18, 2024): eJPT; Metasploit; Samba 3.0.20 < 3.0.25rc3 - Username Map Script [Command Execution]
Pov (June 17, 2024): eWPT; OSWE; OSCP; Subdomain Enumeration; LFI through CV Download; Abusing ViewState IIS Parameter + web.config secrets to achieve RCE; Playing with ysoserial.net to create a serialized payload; Reading a PowerShell credential and decrypting the contents of the PSCredential object; RunasCs.exe to execute command as another user whose credentials are known to us; Abusing SeDebugPrivilege [Privilege Escalation]; Metasploit
TwoMillion (June 11, 2024): eWPT; OSWE; Abusing declared JavaScript functions from the browser console; Abusing the API to generate a valid invite code; Abusing the API to elevate our privilege to administrator; Command injection via poorly designed API functionality; Information Leakage; Privilege Escalation via Kernel Exploitation (CVE-2023-0386) - OverlayFS Vulnerability
Builder (June 04, 2024): eWPT; SSH; HTTP; Docker; Jenkins Exploitation CVE-2024-23897 in order to read arbitrary files (RCE); Cracking Hashes (Hashcat); Abusing the Jenkins cipher to crack the password [Privilege Escalation]