MYSTIKO

Secrets are meant to be secret

DNS Admin Privesc in Active Directory (AD)(Windows)

While working on a pentest lab which required abusing dnsadmin privileges, I came across this post , which is really good but felt like it didn’t properly explain few things including syntax. So this post is just an extension of… Continue Reading →

How I found a Remote Code Execution in OpenEDX

How I found a Remote Code Execution in OpenEDX OpenEDX platform is really cool Learning Management System, which is also Open source (this time I was testing the Ironwood release 2.5). You can check it out here: https://open.edx.org/the-platform/ When I… Continue Reading →

TryHackMe King of the hill

1st a nmap scan root@kali:/opt/MS17-010-2012# nmap -A 10.10.148.6 Starting Nmap 7.70 ( https://nmap.org ) at 2020-05-18 03:19 EDT Stats: 0:01:03 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan Nmap scan report for 10.10.148.6 Host is up (0.028s latency)…. Continue Reading →

OpenAdmin

OpenAdmin retired today, was an easy Linux machine and was fun to root. So here’s my writeup for the same. Nmap scan gave us only two ports open. Port 22 (SSH) and 80 (HTTP) SSH seems to be latest version… Continue Reading →

DLL Hijacking Through Forwarding Technique.

What Is DLL Forwarding ? DLL forwarding is a technique in which a dll forward all faction request to different dll file. Ex. in below Image Application is using Proxy DLL file to execute its request through Real DLL. You… Continue Reading →

Postman

The Walkthrough corresponds to tomghost machine of tryhackme:-https://tryhackme.com/room/tomghost Vulnerability(CVE-2020-1938):- The Information of Vulnerability is given as:- https://www.chaitin.cn/en/ghostcathttps://medium.com/@scottc130/understanding-the-ghost-cat-vulnerability-cve-2020-1938-79ceae327599Ghostcat is described as “AJP Request Injection and potential Remote Code Execution Enumeration:- Nmap scan:- nmap -sC -sV tomghost.thm22/tcp open ssh OpenSSH 7.2p2 Ubuntu… Continue Reading →

DLL Hijacking Attack

Even though we routinely use computer application to play out our everyday Task, not many of us know or will, in general, consider the ramifications of how this software is built, and any shortcomings it may be vulnerable as it… Continue Reading →

Unquoted Service PATH

What is Service in windows ? A service is a small program that usually starts when the Windows operating system loads. You won’t normally interact with services like you do with regular programs because they run in the background (you… Continue Reading →

Fwhibbit CTR (CTF): Solving Mike’s Dungeon

In this post I’ll be covering Fwhibbit’s CTF in cooperation with an online conference called C0r0n4CON to support Cruz Roja NGO in their fight against coronavirus. At the time i’m writing this article, c0r0n4CON has almost raised 40k€ for this… Continue Reading →

Protected: Remote

There is no excerpt because this is a protected post.

« Older posts

© 2020 MYSTIKO — Powered by WordPress

Theme by Anders NorenUp ↑