Sudo--l
- Eventually landed upon finding SQLi on /room.php?cod=, so we dump databases with sqlmap. Foothold is a simple phpMyAdmin credential login, then a phpMyAdmin 4.8.0 exploit to gain a shell. Root was obtained by exploiting root.service.
- Enumeration brought me to the realization that we are working with Magento. Whenever you have Magento, magescan is your best course of action. Then, we exploit Magento with RCE to get to an admin panel. Eventually, we get a shell by exploiting Magento's admin panel. Root was a simple privesc with sudo -l.
- Enumerated with ffuf and came to the realization that this is just a shocker exploit. sudo -l listed perl, so perl was our privesc.
- Jail from HTB, working with buffer overflow and a lot of pivoting.
- Exploiting port 79 using finger, cracking passwords, privesc with sudo -l, to then find wget is exploitable.
- Discovered a login page, found it had default credentials, exploited a file upload, and privilege escalated with sudo -l.
- Very basic machine where we can get a foothold through the landing page, and then privesc with sudo -l.