Anonforce

Anonymous FTP access and cracking a private GPG key file

August 27, 2024

Brooklyn Nine Nine

Steganography and a GTFOBin for Nano and Less

August 26, 2024

U.A. High School

RCE through a hidden command injection parameter, finding credetials with steghide on an image and privilege escalation through a bash script with sudo permissions

August 25, 2024

Easy Peasy

Finding hidden directories, using steghide and abusing a cronjob to escalate to root

August 23, 2024

TakeOver

Vhost / subdomain enumeration and domain takeover

August 7, 2024

Enumeration & Brute Force

Brute forcing basic auth with Hydra and a OTP with a custom python script

August 3, 2024

Publisher

Exploiting SPIP 4.2.0 (CVE-2023-27372) and privilege escalation through Docker

August 2, 2024

mKingdom

Using default credentials to access the CMS, uploading a malicious PHP file to get RCE and escalating privileges using write access to /etc/hosts

June 28, 2024

Cyborg

Cracking the password of a Borg archive and abusing permissions to execute code as root

May 18, 2024

Ignite

Exploiting FuleCMS v1.4 and escalating to root with password reuse

May 18, 2024