While working on a pentest lab which required abusing dnsadmin privileges, I came across this post , which is really good but felt like it didn’t properly explain few things including syntax. So this post is just an extension of… Continue Reading →
How I found a Remote Code Execution in OpenEDX OpenEDX platform is really cool Learning Management System, which is also Open source (this time I was testing the Ironwood release 2.5). You can check it out here: https://open.edx.org/the-platform/ When I… Continue Reading →
1st a nmap scan root@kali:/opt/MS17-010-2012# nmap -A 10.10.148.6 Starting Nmap 7.70 ( https://nmap.org ) at 2020-05-18 03:19 EDT Stats: 0:01:03 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan Nmap scan report for 10.10.148.6 Host is up (0.028s latency)…. Continue Reading →
The Walkthrough corresponds to tomghost machine of tryhackme:-https://tryhackme.com/room/tomghost Vulnerability(CVE-2020-1938):- The Information of Vulnerability is given as:- https://www.chaitin.cn/en/ghostcathttps://medium.com/@scottc130/understanding-the-ghost-cat-vulnerability-cve-2020-1938-79ceae327599Ghostcat is described as “AJP Request Injection and potential Remote Code Execution Enumeration:- Nmap scan:- nmap -sC -sV tomghost.thm22/tcp open ssh OpenSSH 7.2p2 Ubuntu… Continue Reading →
In this post I’ll be covering Fwhibbit’s CTF in cooperation with an online conference called C0r0n4CON to support Cruz Roja NGO in their fight against coronavirus. At the time i’m writing this article, c0r0n4CON has almost raised 40k€ for this… Continue Reading →
There is no excerpt because this is a protected post.