Elevate to SYSTEM privilege (Windows)

Hi everyone! This is post is on elevating your CMD to SYSTEM access. Let’s get started! Requirements Psexec.exe (Sysinternal tool) Local administration privilege Obtaining SYSTEM Firstly, launch CMD in administrative privilege if you are on GUI. Otherwise, make sure you are on an admin account in a reverse/bind shell. Local spawn CMD In your CMD: […]

Accessing MS SQL server’s windows shell

Hi everyone! Today’s post is on trying to access the Microsoft SQL server’s winshell from Linux or Unix. This is useful during pentesting or CTF if you have the SQL credentials and ability to remotely access the SQL service. Having access to the winshell means you have access to the system’s files. Let’s get started! […]

Simple path hijacking (Unix/Unix-like)

Hi everyone! Today’s post is on path injection. Let’s get started. Identifying path injection vulnerability There are many ways that may lead to path injection vulnerability. However, this post will only focus on path injection vulnerability in bash scripts. Path injection vulnerability usually occurs if root users do not specify the full path of the […]

How to get started with hacking?

Hi everyone! Today’s post is to answer a very commonly asked question by many people on social media or YouTube comments. So if you are one of them who is wondering, I hope these guidelines will help you to get started. Disclaimer: The purpose of this post is to help others get into ethical hacking. […]

Interested to become a security researcher or pentester?

Have you ever wondered what it takes to become a security researcher or pentester? Feeling lost watching random YouTube videos while not understanding a single thing or how to apply them? TryHackMe.com‘s new learning path will guide you step-by-step on what you need to know to start from the very basics! TryHackMe.com/path/outline/presecurity┬áteaches many different contents […]

Simple reverse shell (GNU/Linux version)

Dear readers, Sometimes we may want to spawn a reverse shell from the server we have just pawned especially a Linux web server. It seems trouble to generate a payload from msfvenom. Therefore, here is some easy bash-based reverse shell. Setting up a listening port for incoming TCP connection We can use netcat to listen […]