Ignite

Exploiting FuleCMS v1.4 and escalating to root with password reuse

May 18, 2024

MD2PDF

Injecting an iframe in a markdown file to gain access to an HTTP server which only allows connections from localhost

May 17, 2024

Atom

Malicious PDF file to remote code execution and abusing Redis to get the admin credentials

April 19, 2024

Agent Sudo

Password attack with hydra and stegseek

January 4, 2024

GamingServer

Finding an encrypyed SSH key and dictionary and escalating through LXC

January 4, 2024

Brute It

HTTP post form attack with Hydra and cat-ing passwd and the shadow file

January 4, 2024

ConvertMyVideo

Remote file execution through an api

December 21, 2023

Hacker vs Hacker

Gaining access to an already compromised machine and stopping a script that tries to kick us out

September 15, 2023

Lesson Learned

SQL injection using `AND 1=1-- -` instead of `OR 1=1-- -`

September 11, 2023

Cat Pictures 2

Security through obscurity, exploiting a Ansible playbook script and a kernel exploit

August 7, 2023