Bug Bounty Command Injection Limitations Bypasses Let me put you in context: Yesterday, while I was doing a box from the Proving Grounds, I came across the following command injection vulnerability. The goal obviously is to get a shell, but I took this as if it were a real
Red Team Red Team: Lets jump Hello there my friends! After a long time without posting anything, I'm back to the arena, this time to tell you a curious case of pivoting that I did in an internal "revision" that I did to the university of my city... A couple
Hack the Box HTB: Devzat Hello there my friends! My name is Dot. And I am here, to tell you, how I solved the Devzat machine. To get a shell, we will abuse a code injection, which we found thanks to a .git directory on a subdomain. Then we
SSRF HTB: Forge Hello there my friends! My name is Dot. And I am here, to tell you, how I solved the Forge machine, which I enjoyed very much. To get a shell, we have to abuse a SSRF, where I will show you two ways to
SQL Injection T0wn H4ll :( Hello there my friends! My name is Dot. And I am here, to tell you, how I discovered a SQL Injection, on one of the employee portals on the website of my town hall. I set myself this goal, in order to show both
Linux Linux: Extended attributes Hello there my friends! My name is Dot. And I am here, to tell you about extended attributes. And you may be wondering, what is it? Extended File Attributes aka xattr, are values which can be associated with files, to describe them beyond what
Bash netconenum Hello there my friends! My name is Dot. And I am here, to tell you, how I am going to improve a tool that I already had created, which was used to enumerate which user was running a service. The plus that I am
WordPress HTB: Spectra Hello there my friends! My name is Dot. And I am here, to tell you, how I solved the Spectra machine, which is a really easy box. The way to get shell, is with some credentials that we can obtain from a file and
exploit2bash Webmin 1.580 Hello there my friends! My name is Dot. Today is a big day, as it is the first post about a series I want to start, which is about rewriting exploit scripts in Bash. I want to clarify that this exploit was not discovered
Php Object Injection HTB: Tenet Hello there my friends! My name is Dot. And I am here, to tell you, how I solved the Tenet machine, which I really liked. To get the first shell as www-data we will have to exploit a PHP object injection vulnerability, from there
Python Hexadecimal Soup Hey, it's been a while, hasn't it? It's my fault. I've been busy doing several things, but in compensation I have an unfinished SQL Injection post, which I calculate will be finished in a few weeks. Well, this post is a bit
Bug Bounty CVE-2020-24329 SSRF Read local files 0day ILIAS LMS Hello there my friends! My name is Dot. And I am here, to tell you how I discovered my first vulnerability, outside the typical XSS's and SSRF's. Some time ago, I set myself the personal challenge of hacking into my city's university, so without