Bypasses command filtering on a web panel using backslash character escapes to upload and execute a PHP reverse shell. Extracts MySQL credentials from PHP files, pivots through multiple user accounts, and finally escapes Docker container restrictions for root access.
Exploits a data breach by utilizing leaked MD5 password hashes found through OSINT. Employs POP3 password reuse to gain initial access, and escalates privileges by modifying a world-writable Python script in the crontab to execute a reverse shell as root.
Exploits Apache Tomcat Ghostcat vulnerability (CVE-2020-1938) in AJP to gain initial access. Uses gpg2john to crack PGP keys and exploits sudo permission on zip utility for privilege escalation.