Protected: Proving Grounds – Nickel Write-up
There is no excerpt because this is a protected post.
Hi everyone! This post is on elevating your CMD to SYSTEM access. Let’s get started! Requirements: Psexec.exe (Sysinternals tool), local administrator privileges. Obtaining SYSTEM: Firstly, launch CMD with administrative privileges if you are on the GUI. Otherwise, make sure you are on an admin account in a reverse/bind shell. Local spawn CMD In your CMD: […]
Hi everyone! This post is a compilation of John Hammond’s recent video on Buffer Overflow OSCP preparation from TryHackMe. You can see his video here: Anyway, I will be using the OVERFLOW4 prefix instead. So watch his video if you haven’t. The cheatsheet below will allow you to quickly copy & paste, make some changes […]
Hi everyone! Today’s post is on trying to access the Microsoft SQL server’s winshell from Linux or Unix. This is useful during pentesting or CTF if you have the SQL credentials and ability to remotely access the SQL service. Having access to the winshell means you have access to the system’s files. Let’s get started! […]
Hi everyone! Today’s post is on path injection. Let’s get started. Identifying path injection vulnerability There are many ways that may lead to path injection vulnerability. However, this post will only focus on path injection vulnerability in bash scripts. Path injection vulnerability usually occurs if root users do not specify the full path of the […]
Hi everyone! Today’s post answers a question very commonly asked on social media and in YouTube comments. So if you are one of those who are wondering, I hope these guidelines will help you get started. Disclaimer: The purpose of this post is to help others get into ethical hacking. […]
Have you ever wondered what it takes to become a security researcher or pentester? Feeling lost watching random YouTube videos while not understanding a single thing or how to apply them? TryHackMe.com’s new learning path will guide you step-by-step on what you need to know to start from the very basics! TryHackMe.com/path/outline/presecurity teaches many different topics […]
Dear readers, Sometimes we may want to spawn a reverse shell from the server we have just pwned, especially a Linux web server. It can be troublesome to generate a payload with msfvenom. Therefore, here are some easy bash-based reverse shells. Setting up a listening port for incoming TCP connection We can use netcat to listen […]
Dear readers, Today I want to talk about the GOT attack using Double Free. I was reading about GOT attacks and stumbled across a lecture slide by Indiana University Bloomington. The link to the lecture slide can be found here. The exploit on GOT using the Double Free vulnerability is pretty interesting; however, there are a lot […]