Backdoor (Medium)

Content WordPress Local File Inclusion Vulnerability (LFI) LFI to RCE (Abusing /proc/PID/cmdline) Gdbserver RCE Vulnerability Abusing Screen (Privilege Escalation) [Session synchronizatio...

12/07/2022 HackTheBox, Linux - Easy

GDBServer 9.2 RCE

If the gdbserver is 9.2 or prior it is vulnerable to a RCE exploitation: Exploit: gdbserver sudo python3 gdbserver_rce.py 10.10.11.125:1337 rev.bin Examples: Backdoor

12/07/2022 06 Exploitation, GDBServer 9.2 RCE

SUID Screen Exploitation

Screen If screen is running as SUID you can look for a dettached session and use it to escalate privileges, first run the following command: ps -aux | grep screen If there is indeed a screen comma...

12/07/2022 04 Privilege Escalation, Linux - SUID Screen Exploitation

Azure Devops Enumeration

Azure DevOps Server is a Microsoft product that provides version control, reporting, requirements management, project management (for both agile software development and waterfall teams), automated...

07/07/2022 05 Utilities, Azure Devops Enumeration

SCP

SCP To download files: scp <Username>@<IPorHost>:<PathToFile> <LocalFileLocation> Upload files: scp file.txt remote_username@10.10.0.2:/remote/directory

17/02/2022 03 File Transfer, Linux - SCP

1
...
23
24
25
25 / 25