Bypasses command filtering on a web panel using backslash character escapes to upload and execute a PHP reverse shell. Extracts MySQL credentials from PHP files, pivots through multiple user accounts, and finally escapes Docker container restrictions for root access.
Exploits a data breach by using leaked MD5 password hashes found through OSINT. Employs POP3 password reuse to gain initial access and escalates privileges by modifying a world-writable Python script in the crontab to execute a reverse shell as root.
Exploits a vulnerable Fuel CMS installation using a remote code execution vulnerability (CVE-2018-16763) to gain a reverse shell. Discovers hardcoded database credentials in configuration files, which are reused as the root password for the system.
Exploits a vulnerable SweetRice CMS installation by accessing exposed MySQL database backups containing admin credentials. Bypasses upload restrictions to gain initial access through a PHP reverse shell, then escalates privileges by leveraging a sudo permission on a Perl script.
Exploits a client-side authentication bypass by manually setting a cookie to access a restricted admin area. Cracks an SSH private key using ssh2john and achieves privilege escalation through a vulnerable cron job that relies on a host file which can be manipulated.
Leverages a writable FTP directory to upload and execute a PHP reverse shell. Gains user access through password extraction from a pcap file. Achieves root by exploiting a scheduled script with writable dependencies.
Exploits the Apache Tomcat Ghostcat vulnerability (CVE-2020-1938) in AJP to gain initial access. Uses gpg2john to crack PGP keys and exploits a sudo permission on the zip utility for privilege escalation.