Posts by Year

2024 11

2024

PermX

November 15, 2024

eWPT eJPT Subdomain Enumeration Chamilo LMS Exploitation Unauthenticated Command Injection [CVE-2023-31803] (RCE) Information Leakage Abusing Sudoers Custom Bash Script (playing with setfacl) [Privilege Escalation]

Mailing

September 21, 2024

CVE-2024-21413 CVE-2023-2255 nmap hashcat john responder evil-winrm podman crackmapexec swaks netcat smbclient nishang libreoffice powershell smb smtp ntlm ws-management

Cap

September 01, 2024

Linux Web Enumeration FTP SSH HTTP PCAP Analysis

GitHub Pages

August 28, 2024

GitHub Pages Jekyll Ruby Bundler Desarrollo web Markdown

Lame

June 18, 2024

eJPT Metasploit Samba 3.0.20 < 3.0.25rc3 - Username Map Script [Command Execution]

Pov

June 17, 2024

eWPT OSWE OSCP Subdomain Enumeration LFI through CV Download Abusing ViewState IIS Parameter + web.config secrets to achieve RCE Playing with ysoserial.net to create a serialized payload Reading a powershell credential and decrypting the contents of the PSCredential object RunasCs.exe to execute command as another user whose credentials are known to us Abusing SeDebugPrivilege [Privilege Escalation] Metasploit

TwoMillion

June 11, 2024

eWPT OSWE Abusing declared Javascript functions from the browser console Abusing the API to generate a valid invite code Abusing the API to elevate our privilege to administrator Command injection via poorly designed API functionality Information Leakage Privilege Escalation via Kernel Exploitation (CVE-2023-0386) - OverlayFS Vulnerability

Builder

June 04, 2024

eWPT SSH HTTP Docker Jenkins Exploitation CVE-2024-23897 in order to read arbitrary files (RCE) Cracking Hashes (Hashcat) Abusing the Jenkins cipher to crack the password [Privilege Escalation]

Bizness

May 29, 2024

eWPT Apache OFBiz EXploitation (Authentication Bypass) ANalysis of OFBiz code to understand the hashed storage mechanism Adapating found hashes to a crackable format Cracking Hashes [Privilege Escalation]

Vaccine

May 26, 2024

Vulnerability Assessment Databases Custom Applications Protocols Source Code Analysis Apache PostgreSQL FTP PHP Reconnaissance Password Cracking SUDO Exploitation SQL Injection Remote Code Execution Clear Text Credentials Anonymous/Guest Access

Oopsie

March 17, 2024

PHP Apache Web Site Structure Discovery Cookie Manipulation SUID Exploitation Authentication bypass Arbitrary File Upload Path Hijacking

Back to Top ↑