Directory-traversal

  • Published on
    Exploited a WordPress plugin that exploited Directory Traversal, then enumerated ports with Burp Suite's Intruder functionality. Then we find RCE on a GDB server, which gives a foothold. For root, it was a simple screen exploit.
  • Published on
    First exploited VSFTP, which returned a shell through Psy Shell, then we sign a client certificate to authenticate ourselves. Now, we exploit directory traversal to gain an SSH key. For root, we notice a process executing frequently, so we use that functionality to route to a reverse shell that gives me root access.