Magento

All Posts

sudo--l (8)
sqli (7)
139445---smb (5)
ftp (5)
kerberoast (4)
rce (4)
bloodhound (3)
389636---ldap (3)
lfi (3)
dns (3)
wordpress (3)
msfconsole (3)
openssl (3)
suid (3)
routingport-forward (3)
crackmapexec (3)
powershell-web-access (2)
passthecert (2)
directory-traversal (2)
brute-force (2)
drupal (2)
pivoting (2)
ms15 (2)
enumeration (2)
microsoft-iis (2)
161---snmp (2)
juicypotato (2)
file-upload (2)
buffer-overflow (2)
tomcat (2)
wget (2)
certificate (2)
22---ssh (2)
default-credentials (2)
rfi (2)
4555 (1)
gpp (1)
powershell (1)
sam-hashes (1)
migrate (1)
ipv6-relay-attack (1)
mimikatz (1)
golden-ticket-attack (1)
group-policy-preferences (1)
impacket (1)
url-file-attack (1)
ansible (1)
certipy (1)
gdb (1)
intruder (1)
screen (1)
stored-user-agent (1)
log-file-poisoning (1)
autologon (1)
web (1)
nc (1)
tls-10---443 (1)
elastix (1)
webmin (1)
eternal-blue (1)
webconfig (1)
smtp (1)
nslookup (1)
command-injection (1)
crontab (1)
xxe (1)
pwnkit (1)
groups (1)
raw-image (1)
debugfs (1)
python (1)
h2 (1)
111---portmapper (1)
6697---unrealircd (1)
irc (1)
ssh-keygen (1)
hash (1)
kbdx (1)
ssrf (1)
psy-shell (1)
nmap-vuln (1)
nmap-suid (1)
wireshark (1)
tcpdump (1)
imagemagick (1)
exiftool (1)
neofetch (1)
ejpt (1)
prtg-network-monitor (1)
mime (1)
changenamesh (1)
knock (1)
chkrootkit (1)
httpfileserver (1)
pandora-cms (1)
path (1)
rocket (1)
pkexec (1)
polkit (1)
base64-decode (1)
ps-aux (1)
vnc (1)
keepass (1)
smbclientpy (1)
silver-ticket (1)
deserialization-attack (1)
gmsa (1)
enumerating (1)
subdomain (1)
sqlmap (1)
htaccess (1)
netstat (1)
npm (1)
cgi-bin (1)
perl (1)
oracle (1)
odat (1)
opt (1)
firefox-passwords (1)
program-files (1)
writeowner (1)
finger (1)
password-cracking (1)
magento (1)
jamovi (1)
bolt (1)
ssti (1)
chisel (1)
mongodb (1)
shocker (1)
sharepoint (1)
kdbx (1)
tar (1)
evil-winrm (1)
net-user (1)
22-ssh (1)
heartbleed (1)
history (1)
active-directory (1)

Published on
September 30, 2023
HTB SwagShop
Magento sudo--l
Enumeration brought me to the realization that we are working with Magento. Whenever you have Magento, magescan is your best course of action. Then, we exploit magento with RCE to come to an admin panel. Eventually, we get a shell from exploiting Magento's Admin Panel. Root was a simple privesc, with sudo -l.

Magento

magento (1)

HTB SwagShop