Bjarne Verschorre

👋 Hey, these are my write-ups!


Editorial

SSRF exposes credentials; lateral movement is possible via past git commits; privesc by exploiting GitPython.


Usage

Webpage with SQLi and file upload vulnerability. Escalate to root by abusing a script that runs as sudo.


Perfection

A Ruby webserver with a template injection vulnerability, leading to a reverse shell and brute-forcing hashes for a privilege escalation to root.


Headless

Simple webserver with a contact form vulnerable to XSS. Escalate to root by abusing a script that runs as sudo.


Board Light

Simple webserver with a CRM software vulnerable to RCE. Escalate to root by abusing the enlightenment_sys SUID binary.


Hacker vs Hacker

Someone has compromised this server already! Can you get in and evade their countermeasures?


Dogcat

I made a website where you can look at pictures of dogs and/or cats! Exploit a PHP application via LFI and break out of a docker container.


Daily Bugle

Compromise a Joomla CMS account via SQLi, practise cracking hashes and escalate your privileges by taking advantage of yum.