Editorial
SSRF exposes credentials, lateral movement is possible via past git commits, privesc by exploiting GitPython.
👋 Hey, these are my write-ups!
Webpage with SQLi and file upload vulnerability. Escalate to root by abusing a script that runs as sudo.
A Ruby webserver with a template injection vulnerability, leading to a reverse shell and brute-forcing hashes for a privilege escalation to root.
Simple webserver with a contact form vulnerable to XSS. Escalate to root by abusing a script that runs as sudo.
Simple webserver with a CRM software vulnerable to RCE. Escalate to root by abusing the enlightenment_sys SUID binary.
Someone has compromised this server already! Can you get in and evade their countermeasures?
I made a website where you can look at pictures of dogs and/or cats! Exploit a PHP application via LFI and break out of a docker container.
Compromise a Joomla CMS account via SQLi, practise cracking hashes and escalate your privileges by taking advantage of yum.