Introduction
IP: 10.10.11.105
S.O.: Ubuntu
For today I will show you how to exploit strapi CMS via a RCE and Laravel also using a RCE
sábado, 5 de febrero de 2022
HTB - Granny
Introduction
IP: 10.10.10.15
S.O: Windows
Today we have a windows machine exposing http port wich supports webdav protocol. We will abuse webdab to upload our malicious webshell and get a reverse shell.
From that we will escalate priviledges exploiting MS09-012 or Token Kidnapping
viernes, 4 de febrero de 2022
HTB CRONOS
Introduction
IP: 10.10.10.13
S.O: Linux
We will use a SQLi vulnerabilityto bypass an authentication system
From that point using a RCE we will get a shell in the victim
Then will privilege escalation abusing of a php script execute via cron as root.
domingo, 30 de enero de 2022
HTB - BASTARD
IP: 10.10.10.9
S.O: Windows
Drupal / SeImpersonatePrivilege
Introduction
We will take advantage of a RCE in drupal to get a reverse shell.
Once in the system, we will escalate priviledge with SeImpersonatePrivilege
viernes, 5 de noviembre de 2021
lunes, 1 de noviembre de 2021
HTB - Legacy
Introduction
IP: 10.10.10.4
S.O: Windows
Today we will break an easy Windows machine called Legacy
You will learn basic SMB vulnerabilities explotation
sábado, 5 de junio de 2021
HTB - Ready
For today we will break a retired and Medium HTB machine called Ready
You will learn basic linux and docker enumeration, we will take advantage of a known gitlab vulnerability which will drive to a RCE
Suscribirse a:
Entradas (Atom)