Utilizes steganography with binwalk and steghide to extract hidden data from images. Employs zip2john to crack password-protected archives and Base64 decoding for credentials. Achieves privilege escalation by exploiting the CVE-2019-14287 sudo vulnerability.
Uses enum4linux for Samba user enumeration and Hydra for brute-forcing SSH credentials. Exploits a readable SSH private key with ssh2john to crack its passphrase, then leverages misconfigured sudo permissions for privilege escalation.
Exploits MagnusBilling CMS via CVE-2023-30258 to achieve initial access and a PHP reverse shell. Leverages a Fail2ban misconfiguration for privilege escalation, gaining root access by manipulating ban actions.
Bypasses command filtering on a web panel using backslash character escapes to upload and execute a PHP reverse shell. Extracts MySQL credentials from PHP files, pivots through multiple user accounts, and finally escapes Docker container restrictions for root access.
Exploits anonymous FTP access to retrieve a password list, then uses Hydra to brute-force SSH credentials. Achieves privilege escalation by leveraging sudo permissions on the tar command to execute arbitrary commands as root.
Exploits PHP web application vulnerabilities, including Local File Inclusion (LFI), log poisoning for code execution, and container escape techniques, to achieve root access on the underlying host system.
Exploits a data breach by utilizing leaked MD5 password hashes found through OSINT. Employs POP3 password reuse to gain initial access, and escalates privileges by modifying a world-writable Python script in the crontab to execute a reverse shell as root.
Exploits a vulnerable Fuel CMS installation using a remote code execution vulnerability (CVE-2018-16763) to gain a reverse shell. Discovers hardcoded database credentials in configuration files, which are reused as the root password for the system.
Exploits a simple Local File Inclusion (LFI) vulnerability in a web application’s article parameter to read sensitive system files. Leverages directory traversal via ../../../../ syntax to access /etc/passwd for user enumeration and read both user and root flag files directly.
Exploits a vulnerable SweetRice CMS installation by accessing exposed MySQL database backups containing admin credentials. Bypasses upload restrictions to gain initial access through a PHP reverse shell, then escalates privileges by leveraging a sudo permission on a Perl script.
Exploits a client-side authentication bypass by manually setting a cookie to access a restricted admin area. Cracks an SSH private key using ssh2john and achieves privilege escalation through a vulnerable cron job that relies on a host file which can be manipulated.
Discovers credentials through HTML source code comments and robots.txt file to access a command panel. Exploits unrestricted command execution on the web server and leverages NOPASSWD sudo privileges for full system access.
Leverages a writable FTP directory to upload and execute a PHP reverse shell. Gains user access through password extraction from a pcap file. Achieves root by exploiting a scheduled script with writable dependencies.
Exploits the Apache Tomcat Ghostcat vulnerability (CVE-2020-1938) in AJP to gain initial access. Uses gpg2john to crack PGP keys and exploits a sudo permission on the zip utility for privilege escalation.