This was a simple Linux machine that required to enumerate a web server and exploit a remote code execution vulnerability affecting Fuel CMS to gain initial access, and exposed clear-text database credentials to escalate privileges to root.
Read moreThis was an easy Linux machine that required to exploit a remote command execution backdoor affecting PHP 8.1.0-dev to obtain initial access and the Knife binary with Sudo permissions enabled to escalate privileges to root.
Read moreUser-Defined Functions in MySQL are used to extend the functionality by adding external code that will work the same as inbuilt functions. Certain versions of MySQL are affected by vulnerabilities that could allow attackers with database root access to execute code in the context of the MySQL process, which is often root, and escalate privileges.
Read moreThis is the third iteration of the Hacker Playbook series, it teaches various penetration testing techniques such as web application exploitation, active directory, lateral movement, privilege escalation, and much more. This book helped me greatly when I began my OSCP journey and I could recommend this enough.
Read moreThis was an easy Linux machine that involved exploiting a file upload functionality to gain initial access and a binary with the SETUID bit assigned to escalate privileges to root.
Read moreWindows allows users to set specific applications to automatically start whenever a user authenticates, by placing their executables in a directory designed specifically for startup programs. Although this feature can be very handy, if startup programs are set up with improper permissions it may allow attackers to escalate privileges, as these programs are executed in the context of the user who is logging in at that point in time.
Read moreThis was an intermediate Linux machine that required hijacking a user session by abusing the “kid” JWT token parameter to gain initial access and exploiting a vulnerability in Docker to escape the container and obtain root privileges.
Read moreThis was an intermediate Linux machine that involved exploiting a remote file inclusion in the WordPress plugin to gain initial access and various misconfigurations with the Tar binary to escalate privileges to root.
Read moreThis was an intermediate Linux machine that involved deciphering a password encrypted using the Vigenere cipher to gain initial access, exploiting a cron job to escalate to the tweedledum user, cracking user hashes to escalate to the humptydumpty user, accessing a private SSH key on the machine to escalate to the alice user and exploiting a misconfigured Sudo rule to escalate privileges to root.
Read moreThis was an easy Linux machine that involved exploiting the Ghostcat vulnerability affecting Apache Tomcat to gain initial access, cracking the hash of a GPG private key and exploiting the Zip binary with Sudo permissions enabled to escalate privileges to root.
Read more