All Posts

  • Published on
    Apache misconfiguration that allowed me to gain foothold by bypassing a MIME upload, then I executed RCE to shell. For root, there was a changename.sh file which cleaned up the uploads directory, but I changed it to give root.
  • Published on
    First exploited VSFTP, which returned a shell through Psy Shell, then we sign a client certificate to authenticate ourselves. Now, we exploit directory traversal to gain an ssh key. For root, we notice a process executing frequently, so we use that functionality to route to a reverse shell that gives me root access.
  • Published on
    Funny box, met with a lot of memes which indicated I was getting closer or further from the objective, enumerating SMB & DNS, to then exploit LFI and privesc with python.