Library

Brute forcing SSH access and escalating using a poorly configured sudo rule

December 27, 2024

CyberLens

Exploiting Apache Tika 1.17 with MetaSploit and abusing `AlwaysInstallElevated` to escalate to SYSTEM

December 26, 2024

Lookup

Using FFUF to brute force a user name and password and abusing a binary to read files as root

December 16, 2024

Cicada

Ldap search for users and smb enum. User has SeBackupPrivilege and SeRestorePrivilege to backup the ntds.dit and system hive

October 16, 2024

Anonforce

Anonymous FTP access and cracking a private GPG key file

August 27, 2024

Brooklyn Nine Nine

Steganography and a GTFOBin for Nano and Less

August 26, 2024

Easy Peasy

Finding hidden directories, using steghide and abusing a cronjob to escalate to root

August 23, 2024

Enumeration & Brute Force

Brute forcing basic auth with Hydra and a OTP with a custom python script

August 3, 2024

mKingdom

Using default credentials to access the CMS, uploading a malicious PHP file to get RCE and escalating privileges using write access to /etc/hosts

June 28, 2024

Cyborg

Cracking the password of a Borg archive and abusing permissions to execute code as root

May 18, 2024