Hi everyone! This article is on a Linux easy machine that requires enumerating the downloaded metadata of the PDF file from tbe website for foothold, enumerating directories for password to another user, and finally exploiting sudo privilege misconfiguration and Yaml.load Ruby deserialization for privilege escalation. Let’s get started! 1. Nmap $ IP=10.10.11.189 $ sudo nmap […]
Hi everyone! This write-up is on an easy Linux machine which focused on enumerating the webpage source for backdoor access to login to a webpage, using command injection vulnerability for initial access, and path hijacking via sudo for root privilege. Let’s get started! 1. Nmap enumeration $ IP=10.10.11.182 $ sudo nmap -sC -sV -p- $IP […]
Hi everyone! This is a Linux machine where the initial access is very CTF-like thus is not to my liking. However, I like the privilege escalation method as it is not very common. The initial access requires us to enumerate DNS such as zone transfer to reveal the subdomain name. There are plenty of rabbit […]
Hi everyone! This is a Linux machine that requires exploiting SSTI in a Java SpringFramework application via a search bar on the webpage for RCE and then initial access. For privilege escalation, we will need to emulate what group the user is in, discover a log file he/she has access to, use pspy to discover […]
Hi everyone! Today’s write-up is on Paper, an easy Linux machine from HackTheBox. This machine requires us to enumerate the HTTP response header to discover the domain name, enumerate the version of WordPress for a vulnerability, and a specific comment in a post before having the knowledge to exploit the vulnerability to read secret content […]
Hi everyone! This is a Linux machine challenge that was created on 24 April 2022. This machine requires us to utilize Optical Character Recognition (OCR) in Python for SSTI which gives us initial access. For privilege escalation, we are required to enumerate files in the victim machine owned by the user and modify a script […]
Hi everyone! NahamCon CTF 2022 was held from 29/4-30/4. This Personnel challenge is on REGEX injection to leak the flag. Let’s get started! Files provided app.py Outlook of the website We can see there is a search bar for us to input stuff. Looking at the HTML source code, we can see the form will […]
Hi everyone! This write-up is on Backdoor, an easy Linux machine. I wouldn’t say this machine is actually easy. This machine requires us to manually enumerate WordPress’s plugin directory, and exploit the directory traversal vulnerability to leak process. Exploit the gdbserver process to obtain a reverse shell before attaching to the root’s screen session for […]
Hi everyone! This post is on picoCTF 2022 write-up for web exploitation that was held from 16th March 2022 to 30th Mar 2022. It covers the basics of analyzing the client source codes, path traversal, robots.txt, modifying cookies, directory fuzzing, and SQL injection. Let’s get started! 1. Includes Below shows the main page of the […]
Hi everyone! Today’s post is on Previse, an easy HackTheBox Linux machine. This machine was released on 8 August 2021. In this machine, a URL redirect status 302 is exploited to leak the actual web page without logining in, exploiting unsanitized POST data run on the server’s PHP’s exec(), extracting user password from one-liner MySQL […]
Lamecarrot 
You must be logged in to post a comment.