LazyAdmin

RCE through command injection and priv esc through a backup script we can write to

June 30, 2023

Kiba

Exploiting Kibana Timelion to get a reverse shell and escalating with cap_setuid in Python

June 30, 2023

Agent T

PHP v8.1.0-dev backdoor

June 29, 2023

Epoch

RCE through command injection in an url parameter

June 29, 2023

Git Happens

Using git-dumper to download the repo and using git history to find credentials

June 29, 2023

Glitch

RCE through POST parameter and privilege escalation through a FireFox profile

June 24, 2023

Dogcat

Exploiting an LFI and breaking out of a Docker container

June 9, 2023

Capture!

Custom python script for brute forcing with username and password dictionaries

May 6, 2023

Boiler CTF

sar2html Remote Code Execution on a Joomla site and find has an suid bit set

June 27, 2021

Inclusion

LFI to get SSH credentials and escalating to root with socat

June 26, 2021