LazyAdmin

RCE through command injection and priv esc through a backup script we can write to

June 30, 2023

Kiba

Exploiting Kibana Timelion to get a reverse shell and escalating with cap_setuid in Python

June 30, 2023

Tomghost

Exploiting Tomcat v9.0.30 (CVE-2020-1938) and privilege escalation through the zip binary with sudo permissions

June 30, 2023

Agent T

PHP v8.1.0-dev backdoor

June 29, 2023

Epoch

RCE through command injection in an url parameter

June 29, 2023

Git Happens

Using git-dumper to download the repo and using git history to find credentials

June 29, 2023

Glitch

RCE through POST parameter and privilege escalation through a FireFox profile

June 24, 2023

Opacity

RCE through command injection, cracking a Keepass database and exploiting permissions on a script

June 14, 2023

Dogcat

Exploiting an LFI and breaking out of a Docker container

June 9, 2023

Valley

Web enumeration, pcacp investigation and privilege escalation through a Python cronjob with root permissions

June 2, 2023