Category

Guides

Guides, Web

A Complete Guide to Hacking GraphQL

Introduction

I decided to make this guide due to the lack of material on this topic and my own struggles with GraphQL. Its purpose is to provide pentesters with the necessary tools to perform tests against GraphQL implementations. I encourage you to do further research and practice on your own with the references provided at the end.

Guides, Privilege Escalation, Windows

Windows Privilege Escalation – Insecure GUI Applications

Introduction

Certain applications may be running, or may be allowed to run, with higher privileges than the current user, either because they need to access particular system files or simply because of misconfiguration. Anything done within such an application is executed with the privileges of its process, so if the application allows other actions, such as opening a command prompt or running executables, those will also be executed with high privileges, which allows privilege escalation.

Guides, Linux, Privilege Escalation

Linux Privilege Escalation – Exploiting User-Defined Functions

Introduction

User-Defined Functions in MySQL are used to extend its functionality by adding external code that works the same as built-in functions. Certain versions of MySQL are affected by vulnerabilities that could allow attackers with database root access to execute code in the context of the MySQL process, which is often root, and escalate privileges.

Guides, Privilege Escalation, Windows

Windows Privilege Escalation – Startup Applications

Introduction

Windows allows users to set specific applications to automatically start whenever a user authenticates, by placing their executables in a directory designed specifically for startup programs. Although this feature can be very handy, if startup programs are set up with improper permissions it may allow attackers to escalate privileges, as these programs are executed in the context of the user who is logging in at that point in time.

Guides, Linux, Privilege Escalation

Linux Privilege Escalation – Exploiting Capabilities

Introduction

Capabilities in Linux are special attributes that can be allocated to processes, binaries, services and users, granting them specific privileges that are normally reserved for root-level actions, such as being able to intercept network traffic or mount/unmount file systems. If misconfigured, these could allow an attacker to elevate their privileges to root.

Guides, Privilege Escalation, Windows

Windows Privilege Escalation – Exploiting Autorun

Introduction

Windows allows users to set specific programs to automatically start whenever the system boots; the list of programs that have this functionality enabled is stored in the Windows Registry. Although this feature can be very handy, if startup programs are set up with improper permissions it may allow attackers to escalate privileges, as these programs are executed in the context of the user who is logging in at that point in time.
