Posts by Tag

• eWPT 5
• PHP 2
• Apache 2
• FTP 2
• SSH 2
• HTTP 2
• OSWE 2
• Information Leakage 2
• Subdomain Enumeration 2
• Metasploit 2
• eJPT 2
• Web Site Structure Discovery 1
• Cookie Manipulation 1
• SUID Exploitation 1
• Authentication bypass 1
• Arbitrary File Upload 1
• Path Hijacking 1
• Vulnerability Assessment 1
• Databases 1
• Custom Applications 1
• Protocols 1
• Source Code Analysis 1
• PostgreSQL 1
• Reconnaissance 1
• Password Cracking 1
• SUDO Exploitation 1
• SQL Injection 1
• Remote Code Execution 1
• Clear Text Credentials 1
• Anonymous/Guest Access 1
• Apache OFBiz EXploitation (Authentication Bypass) 1
• ANalysis of OFBiz code to understand the hashed storage mechanism 1
• Adapating found hashes to a crackable format 1
• Cracking Hashes [Privilege Escalation] 1
• Docker 1
• Jenkins Exploitation CVE-2024-23897 in order to read arbitrary files (RCE) 1
• Cracking Hashes (Hashcat) 1
• Abusing the Jenkins cipher to crack the password [Privilege Escalation] 1
• Abusing declared Javascript functions from the browser console 1
• Abusing the API to generate a valid invite code 1
• Abusing the API to elevate our privilege to administrator 1
• Command injection via poorly designed API functionality 1
• Privilege Escalation via Kernel Exploitation (CVE-2023-0386) - OverlayFS Vulnerability 1
• OSCP 1
• LFI through CV Download 1
• Abusing ViewState IIS Parameter + web.config secrets to achieve RCE 1
• Playing with ysoserial.net to create a serialized payload 1
• Reading a powershell credential and decrypting the contents of the PSCredential object 1
• RunasCs.exe to execute command as another user whose credentials are known to us 1
• Abusing SeDebugPrivilege [Privilege Escalation] 1
• Samba 3.0.20 < 3.0.25rc3 - Username Map Script [Command Execution] 1
• GitHub Pages 1
• Jekyll 1
• Ruby 1
• Bundler 1
• Desarrollo web 1
• Markdown 1
• Linux 1
• Web Enumeration 1
• PCAP Analysis 1
• CVE-2024-21413 1
• CVE-2023-2255 1
• nmap 1
• hashcat 1
• john 1
• responder 1
• evil-winrm 1
• podman 1
• crackmapexec 1
• swaks 1
• netcat 1
• smbclient 1
• nishang 1
• libreoffice 1
• powershell 1
• smb 1
• smtp 1
• ntlm 1
• ws-management 1
• Chamilo LMS Exploitation 1
• Unauthenticated Command Injection [CVE-2023-31803] (RCE) 1
• Abusing Sudoers 1
• Custom Bash Script (playing with setfacl) [Privilege Escalation] 1

eWPT

PermX

November 15, 2024  

eWPT eJPT Subdomain Enumeration Chamilo LMS Exploitation Unauthenticated Command Injection [CVE-2023-31803] (RCE) Information Leakage Abusing Sudoers Custom Bash Script (playing with setfacl) [Privilege Escalation]

Pov

June 17, 2024  

eWPT OSWE OSCP Subdomain Enumeration LFI through CV Download Abusing ViewState IIS Parameter + web.config secrets to achieve RCE Playing with ysoserial.net to create a serialized payload Reading a powershell credential and decrypting the contents of the PSCredential object RunasCs.exe to execute command as another user whose credentials are known to us Abusing SeDebugPrivilege [Privilege Escalation] Metasploit

TwoMillion

June 11, 2024  

eWPT OSWE Abusing declared Javascript functions from the browser console Abusing the API to generate a valid invite code Abusing the API to elevate our privilege to administrator Command injection via poorly designed API functionality Information Leakage Privilege Escalation via Kernel Exploitation (CVE-2023-0386) - OverlayFS Vulnerability

Builder

June 04, 2024  

eWPT SSH HTTP Docker Jenkins Exploitation CVE-2024-23897 in order to read arbitrary files (RCE) Cracking Hashes (Hashcat) Abusing the Jenkins cipher to crack the password [Privilege Escalation]

Bizness

May 29, 2024  

eWPT Apache OFBiz EXploitation (Authentication Bypass) ANalysis of OFBiz code to understand the hashed storage mechanism Adapating found hashes to a crackable format Cracking Hashes [Privilege Escalation]

Back to Top ↑

PHP

Vaccine

May 26, 2024  

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Oopsie

March 17, 2024  

PHP Apache Web Site Structure Discovery Cookie Manipulation SUID Exploitation Authentication bypass Arbitrary File Upload Path Hijacking

Back to Top ↑

Apache

Vaccine

May 26, 2024  

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Oopsie

March 17, 2024  

PHP Apache Web Site Structure Discovery Cookie Manipulation SUID Exploitation Authentication bypass Arbitrary File Upload Path Hijacking

Back to Top ↑

FTP

Cap

September 01, 2024  

Linux Web Enumeration FTP SSH HTTP PCAP Analysis

Vaccine

May 26, 2024  

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Back to Top ↑

SSH

Cap

September 01, 2024  

Linux Web Enumeration FTP SSH HTTP PCAP Analysis

Builder

June 04, 2024  

eWPT SSH HTTP Docker Jenkins Exploitation CVE-2024-23897 in order to read arbitrary files (RCE) Cracking Hashes (Hashcat) Abusing the Jenkins cipher to crack the password [Privilege Escalation]

Back to Top ↑

HTTP

Cap

September 01, 2024  

Linux Web Enumeration FTP SSH HTTP PCAP Analysis

Builder

June 04, 2024  

eWPT SSH HTTP Docker Jenkins Exploitation CVE-2024-23897 in order to read arbitrary files (RCE) Cracking Hashes (Hashcat) Abusing the Jenkins cipher to crack the password [Privilege Escalation]

Back to Top ↑

OSWE

Pov

June 17, 2024  

eWPT OSWE OSCP Subdomain Enumeration LFI through CV Download Abusing ViewState IIS Parameter + web.config secrets to achieve RCE Playing with ysoserial.net to create a serialized payload Reading a powershell credential and decrypting the contents of the PSCredential object RunasCs.exe to execute command as another user whose credentials are known to us Abusing SeDebugPrivilege [Privilege Escalation] Metasploit

TwoMillion

June 11, 2024  

eWPT OSWE Abusing declared Javascript functions from the browser console Abusing the API to generate a valid invite code Abusing the API to elevate our privilege to administrator Command injection via poorly designed API functionality Information Leakage Privilege Escalation via Kernel Exploitation (CVE-2023-0386) - OverlayFS Vulnerability

Back to Top ↑

Information Leakage

PermX

November 15, 2024  

eWPT eJPT Subdomain Enumeration Chamilo LMS Exploitation Unauthenticated Command Injection [CVE-2023-31803] (RCE) Information Leakage Abusing Sudoers Custom Bash Script (playing with setfacl) [Privilege Escalation]

TwoMillion

June 11, 2024  

eWPT OSWE Abusing declared Javascript functions from the browser console Abusing the API to generate a valid invite code Abusing the API to elevate our privilege to administrator Command injection via poorly designed API functionality Information Leakage Privilege Escalation via Kernel Exploitation (CVE-2023-0386) - OverlayFS Vulnerability

Back to Top ↑

Subdomain Enumeration

PermX

November 15, 2024  

eWPT eJPT Subdomain Enumeration Chamilo LMS Exploitation Unauthenticated Command Injection [CVE-2023-31803] (RCE) Information Leakage Abusing Sudoers Custom Bash Script (playing with setfacl) [Privilege Escalation]

Pov

June 17, 2024  

eWPT OSWE OSCP Subdomain Enumeration LFI through CV Download Abusing ViewState IIS Parameter + web.config secrets to achieve RCE Playing with ysoserial.net to create a serialized payload Reading a powershell credential and decrypting the contents of the PSCredential object RunasCs.exe to execute command as another user whose credentials are known to us Abusing SeDebugPrivilege [Privilege Escalation] Metasploit

Back to Top ↑

Metasploit

Lame

June 18, 2024  

eJPT Metasploit Samba 3.0.20 < 3.0.25rc3 - Username Map Script [Command Execution]

Pov

June 17, 2024  

eWPT OSWE OSCP Subdomain Enumeration LFI through CV Download Abusing ViewState IIS Parameter + web.config secrets to achieve RCE Playing with ysoserial.net to create a serialized payload Reading a powershell credential and decrypting the contents of the PSCredential object RunasCs.exe to execute command as another user whose credentials are known to us Abusing SeDebugPrivilege [Privilege Escalation] Metasploit

Back to Top ↑

eJPT

PermX

November 15, 2024  

eWPT eJPT Subdomain Enumeration Chamilo LMS Exploitation Unauthenticated Command Injection [CVE-2023-31803] (RCE) Information Leakage Abusing Sudoers Custom Bash Script (playing with setfacl) [Privilege Escalation]

Lame

June 18, 2024  

eJPT Metasploit Samba 3.0.20 < 3.0.25rc3 - Username Map Script [Command Execution]

Back to Top ↑

Web Site Structure Discovery

Oopsie

March 17, 2024  

PHP Apache Web Site Structure Discovery Cookie Manipulation SUID Exploitation Authentication bypass Arbitrary File Upload Path Hijacking

Back to Top ↑

Cookie Manipulation

Oopsie

March 17, 2024  

PHP Apache Web Site Structure Discovery Cookie Manipulation SUID Exploitation Authentication bypass Arbitrary File Upload Path Hijacking

Back to Top ↑

SUID Exploitation

Oopsie

March 17, 2024  

PHP Apache Web Site Structure Discovery Cookie Manipulation SUID Exploitation Authentication bypass Arbitrary File Upload Path Hijacking

Back to Top ↑

Authentication bypass

Oopsie

March 17, 2024  

PHP Apache Web Site Structure Discovery Cookie Manipulation SUID Exploitation Authentication bypass Arbitrary File Upload Path Hijacking

Back to Top ↑

Arbitrary File Upload

Oopsie

March 17, 2024  

PHP Apache Web Site Structure Discovery Cookie Manipulation SUID Exploitation Authentication bypass Arbitrary File Upload Path Hijacking

Back to Top ↑

Path Hijacking

Oopsie

March 17, 2024  

PHP Apache Web Site Structure Discovery Cookie Manipulation SUID Exploitation Authentication bypass Arbitrary File Upload Path Hijacking

Back to Top ↑

Vulnerability Assessment

Vaccine

May 26, 2024  

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Back to Top ↑

Databases

Vaccine

May 26, 2024  

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Back to Top ↑

Custom Applications

Vaccine

May 26, 2024  

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Back to Top ↑

Protocols

Vaccine

May 26, 2024  

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Back to Top ↑

Source Code Analysis

Vaccine

May 26, 2024  

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Back to Top ↑

PostgreSQL

Vaccine

May 26, 2024  

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Back to Top ↑

Reconnaissance

Vaccine

May 26, 2024  

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Back to Top ↑

Password Cracking

Vaccine

May 26, 2024  

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Back to Top ↑

SUDO Exploitation

Vaccine

May 26, 2024  

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Back to Top ↑

SQL Injection

Vaccine

May 26, 2024  

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Back to Top ↑

Remote Code Execution

Vaccine

May 26, 2024  

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Back to Top ↑

Clear Text Credentials

Vaccine

May 26, 2024  

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Back to Top ↑

Anonymous/Guest Access

Vaccine

May 26, 2024  

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Back to Top ↑

Apache OFBiz EXploitation (Authentication Bypass)

Bizness

May 29, 2024  

eWPT Apache OFBiz EXploitation (Authentication Bypass) ANalysis of OFBiz code to understand the hashed storage mechanism Adapating found hashes to a crackable format Cracking Hashes [Privilege Escalation]

Back to Top ↑

ANalysis of OFBiz code to understand the hashed storage mechanism

Bizness

May 29, 2024  

eWPT Apache OFBiz EXploitation (Authentication Bypass) ANalysis of OFBiz code to understand the hashed storage mechanism Adapating found hashes to a crackable format Cracking Hashes [Privilege Escalation]

Back to Top ↑

Adapating found hashes to a crackable format

Bizness

May 29, 2024  

eWPT Apache OFBiz EXploitation (Authentication Bypass) ANalysis of OFBiz code to understand the hashed storage mechanism Adapating found hashes to a crackable format Cracking Hashes [Privilege Escalation]

Back to Top ↑

Cracking Hashes [Privilege Escalation]

Bizness

May 29, 2024  

eWPT Apache OFBiz EXploitation (Authentication Bypass) ANalysis of OFBiz code to understand the hashed storage mechanism Adapating found hashes to a crackable format Cracking Hashes [Privilege Escalation]

Back to Top ↑

Docker

Builder

June 04, 2024  

eWPT SSH HTTP Docker Jenkins Exploitation CVE-2024-23897 in order to read arbitrary files (RCE) Cracking Hashes (Hashcat) Abusing the Jenkins cipher to crack the password [Privilege Escalation]

Back to Top ↑

Jenkins Exploitation CVE-2024-23897 in order to read arbitrary files (RCE)

Builder

June 04, 2024  

eWPT SSH HTTP Docker Jenkins Exploitation CVE-2024-23897 in order to read arbitrary files (RCE) Cracking Hashes (Hashcat) Abusing the Jenkins cipher to crack the password [Privilege Escalation]

Back to Top ↑

Cracking Hashes (Hashcat)

Builder

June 04, 2024  

eWPT SSH HTTP Docker Jenkins Exploitation CVE-2024-23897 in order to read arbitrary files (RCE) Cracking Hashes (Hashcat) Abusing the Jenkins cipher to crack the password [Privilege Escalation]

Back to Top ↑

Abusing the Jenkins cipher to crack the password [Privilege Escalation]

Builder

June 04, 2024  

eWPT SSH HTTP Docker Jenkins Exploitation CVE-2024-23897 in order to read arbitrary files (RCE) Cracking Hashes (Hashcat) Abusing the Jenkins cipher to crack the password [Privilege Escalation]

Back to Top ↑

Abusing declared Javascript functions from the browser console

TwoMillion

June 11, 2024  

eWPT OSWE Abusing declared Javascript functions from the browser console Abusing the API to generate a valid invite code Abusing the API to elevate our privilege to administrator Command injection via poorly designed API functionality Information Leakage Privilege Escalation via Kernel Exploitation (CVE-2023-0386) - OverlayFS Vulnerability

Back to Top ↑

Abusing the API to generate a valid invite code

TwoMillion

June 11, 2024  

eWPT OSWE Abusing declared Javascript functions from the browser console Abusing the API to generate a valid invite code Abusing the API to elevate our privilege to administrator Command injection via poorly designed API functionality Information Leakage Privilege Escalation via Kernel Exploitation (CVE-2023-0386) - OverlayFS Vulnerability

Back to Top ↑

Abusing the API to elevate our privilege to administrator

TwoMillion

June 11, 2024  

eWPT OSWE Abusing declared Javascript functions from the browser console Abusing the API to generate a valid invite code Abusing the API to elevate our privilege to administrator Command injection via poorly designed API functionality Information Leakage Privilege Escalation via Kernel Exploitation (CVE-2023-0386) - OverlayFS Vulnerability

Back to Top ↑

Command injection via poorly designed API functionality

TwoMillion

June 11, 2024  

eWPT OSWE Abusing declared Javascript functions from the browser console Abusing the API to generate a valid invite code Abusing the API to elevate our privilege to administrator Command injection via poorly designed API functionality Information Leakage Privilege Escalation via Kernel Exploitation (CVE-2023-0386) - OverlayFS Vulnerability

Back to Top ↑

Privilege Escalation via Kernel Exploitation (CVE-2023-0386) - OverlayFS Vulnerability

TwoMillion

June 11, 2024  

eWPT OSWE Abusing declared Javascript functions from the browser console Abusing the API to generate a valid invite code Abusing the API to elevate our privilege to administrator Command injection via poorly designed API functionality Information Leakage Privilege Escalation via Kernel Exploitation (CVE-2023-0386) - OverlayFS Vulnerability

Back to Top ↑

OSCP

Pov

June 17, 2024  

eWPT OSWE OSCP Subdomain Enumeration LFI through CV Download Abusing ViewState IIS Parameter + web.config secrets to achieve RCE Playing with ysoserial.net to create a serialized payload Reading a powershell credential and decrypting the contents of the PSCredential object RunasCs.exe to execute command as another user whose credentials are known to us Abusing SeDebugPrivilege [Privilege Escalation] Metasploit

Back to Top ↑

LFI through CV Download

Pov

June 17, 2024  

eWPT OSWE OSCP Subdomain Enumeration LFI through CV Download Abusing ViewState IIS Parameter + web.config secrets to achieve RCE Playing with ysoserial.net to create a serialized payload Reading a powershell credential and decrypting the contents of the PSCredential object RunasCs.exe to execute command as another user whose credentials are known to us Abusing SeDebugPrivilege [Privilege Escalation] Metasploit

Back to Top ↑

Abusing ViewState IIS Parameter + web.config secrets to achieve RCE

Pov

June 17, 2024  

eWPT OSWE OSCP Subdomain Enumeration LFI through CV Download Abusing ViewState IIS Parameter + web.config secrets to achieve RCE Playing with ysoserial.net to create a serialized payload Reading a powershell credential and decrypting the contents of the PSCredential object RunasCs.exe to execute command as another user whose credentials are known to us Abusing SeDebugPrivilege [Privilege Escalation] Metasploit

Back to Top ↑

Playing with ysoserial.net to create a serialized payload

Pov

June 17, 2024  

eWPT OSWE OSCP Subdomain Enumeration LFI through CV Download Abusing ViewState IIS Parameter + web.config secrets to achieve RCE Playing with ysoserial.net to create a serialized payload Reading a powershell credential and decrypting the contents of the PSCredential object RunasCs.exe to execute command as another user whose credentials are known to us Abusing SeDebugPrivilege [Privilege Escalation] Metasploit

Back to Top ↑

Reading a powershell credential and decrypting the contents of the PSCredential object

Pov

June 17, 2024  

eWPT OSWE OSCP Subdomain Enumeration LFI through CV Download Abusing ViewState IIS Parameter + web.config secrets to achieve RCE Playing with ysoserial.net to create a serialized payload Reading a powershell credential and decrypting the contents of the PSCredential object RunasCs.exe to execute command as another user whose credentials are known to us Abusing SeDebugPrivilege [Privilege Escalation] Metasploit

Back to Top ↑

RunasCs.exe to execute command as another user whose credentials are known to us

Pov

June 17, 2024  

eWPT OSWE OSCP Subdomain Enumeration LFI through CV Download Abusing ViewState IIS Parameter + web.config secrets to achieve RCE Playing with ysoserial.net to create a serialized payload Reading a powershell credential and decrypting the contents of the PSCredential object RunasCs.exe to execute command as another user whose credentials are known to us Abusing SeDebugPrivilege [Privilege Escalation] Metasploit

Back to Top ↑

Abusing SeDebugPrivilege [Privilege Escalation]

Pov

June 17, 2024  

eWPT OSWE OSCP Subdomain Enumeration LFI through CV Download Abusing ViewState IIS Parameter + web.config secrets to achieve RCE Playing with ysoserial.net to create a serialized payload Reading a powershell credential and decrypting the contents of the PSCredential object RunasCs.exe to execute command as another user whose credentials are known to us Abusing SeDebugPrivilege [Privilege Escalation] Metasploit

Back to Top ↑

Samba 3.0.20 < 3.0.25rc3 - Username Map Script [Command Execution]

Lame

June 18, 2024  

eJPT Metasploit Samba 3.0.20 < 3.0.25rc3 - Username Map Script [Command Execution]

Back to Top ↑

GitHub Pages

GitHub Pages

August 28, 2024  

GitHub Pages Jekyll Ruby Bundler Desarrollo web Markdown

Back to Top ↑

Jekyll

GitHub Pages

August 28, 2024  

GitHub Pages Jekyll Ruby Bundler Desarrollo web Markdown

Back to Top ↑

Ruby

GitHub Pages

August 28, 2024  

GitHub Pages Jekyll Ruby Bundler Desarrollo web Markdown

Back to Top ↑

Bundler

GitHub Pages

August 28, 2024  

GitHub Pages Jekyll Ruby Bundler Desarrollo web Markdown

Back to Top ↑

Desarrollo web

GitHub Pages

August 28, 2024  

GitHub Pages Jekyll Ruby Bundler Desarrollo web Markdown

Back to Top ↑

Markdown

GitHub Pages

August 28, 2024  

GitHub Pages Jekyll Ruby Bundler Desarrollo web Markdown

Back to Top ↑

Linux

Cap

September 01, 2024  

Linux Web Enumeration FTP SSH HTTP PCAP Analysis

Back to Top ↑

Web Enumeration

Cap

September 01, 2024  

Linux Web Enumeration FTP SSH HTTP PCAP Analysis

Back to Top ↑

PCAP Analysis

Cap

September 01, 2024  

Linux Web Enumeration FTP SSH HTTP PCAP Analysis

Back to Top ↑

CVE-2024-21413

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

CVE-2023-2255

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

nmap

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

hashcat

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

john

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

responder

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

evil-winrm

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

podman

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

crackmapexec

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

swaks

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

netcat

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

smbclient

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

nishang

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

libreoffice

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

powershell

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

smb

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

smtp

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

ntlm

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

ws-management

Mailing

September 21, 2024  

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Back to Top ↑

Chamilo LMS Exploitation

PermX

November 15, 2024  

eWPT eJPT Subdomain Enumeration Chamilo LMS Exploitation Unauthenticated Command Injection [CVE-2023-31803] (RCE) Information Leakage Abusing Sudoers Custom Bash Script (playing with setfacl) [Privilege Escalation]

Back to Top ↑

Unauthenticated Command Injection [CVE-2023-31803] (RCE)

PermX

November 15, 2024  

eWPT eJPT Subdomain Enumeration Chamilo LMS Exploitation Unauthenticated Command Injection [CVE-2023-31803] (RCE) Information Leakage Abusing Sudoers Custom Bash Script (playing with setfacl) [Privilege Escalation]

Back to Top ↑

Abusing Sudoers

PermX

November 15, 2024  

eWPT eJPT Subdomain Enumeration Chamilo LMS Exploitation Unauthenticated Command Injection [CVE-2023-31803] (RCE) Information Leakage Abusing Sudoers Custom Bash Script (playing with setfacl) [Privilege Escalation]

Back to Top ↑

Custom Bash Script (playing with setfacl) [Privilege Escalation]

PermX

November 15, 2024  

eWPT eJPT Subdomain Enumeration Chamilo LMS Exploitation Unauthenticated Command Injection [CVE-2023-31803] (RCE) Information Leakage Abusing Sudoers Custom Bash Script (playing with setfacl) [Privilege Escalation]

Back to Top ↑