Uses enum4linux for Samba user enumeration and Hydra for brute-forcing SSH credentials. Exploits readable SSH private key with ssh2john to crack its passphrase, then leverages misconfigured sudo permissions for privilege escalation.
Exploits anonymous FTP access to retrieve a password list, then uses Hydra to brute-force SSH credentials. Achieves privilege escalation by leveraging sudo permissions on the tar command to execute arbitrary commands as root.
Compromise a Joomla CMS 3.7.0 website by exploiting an SQLi vulnerability, crack a bcrypt password hash, and perform privilege escalation through a yum binary with sudo permissions to achieve root access.
Exploits a vulnerable Fuel CMS installation using a remote code execution vulnerability (CVE-2018-16763) to gain a reverse shell. Discovers hardcoded database credentials in configuration files, which are reused as the root password for the system.
Penetrate a company’s infrastructure through WordPress exploitation, crack password hashes, pivot through a phpMyAdmin instance, and escalate privileges using Jenkins to obtain root access on multiple systems.
Exploits a vulnerable SweetRice CMS installation by accessing exposed MySQL database backups containing admin credentials. Bypasses upload restrictions to gain initial access through a PHP reverse shell, then escalates privileges by leveraging a sudo permission on a Perl script.
Discovers credentials through HTML source code comments and robots.txt file to access a command panel. Exploits unrestricted command execution on the web server and leverages NOPASSWD sudo privileges for full system access.