Shuciran Pentesting Notes

Java Debugging

XSS Hunting

We’ll start our hunt for DOM-based XSS by searching for references to the document object. However, running a search for “document” will generate many false positives. Instead, we’ll search for “do...

DotNet Debugging

Manipulation of Assembly Attributes for Debugging Debugging .NET web applications can sometimes be a bit tricky due to the optimizations that are applied to the executables at runtime. One of the w...

DirtyCow Privilege Escalation

Exploit-DB (searchsploit) You can download the .cpp (C++) script with the following command: searchsploit -m linux/local/40847.cpp This is to compile within the compromised machine: g++ -Wall -p...

DotNet Source Code Review

Manipulation of Assembly Attributes for Debugging Debugging .NET web applications can sometimes be a bit tricky due to the optimizations that are applied to the executables at runtime. One of the w...

PHP Source Code Review

We decided to enumerate all pages we could access without authentication using a grep search and used the results as a starting point for our analysis. grep -rnw /var/www/html/ATutor -e "^.*user_l...

NodeJS Source Code Review

Assessing the Application The existence of bin/www, package.json, and routes/ indicate that this is a NodeJS web application. In particular, package.json identifies a NodeJS project and manages its...

Java Source Code Review

Java Reconnaissance A quick Google search leads us to a file extensions explanation page, which states that the .do extension is typically a URL mapping scheme for compiled Java code. HTTP Routing...

Intelligence (Medium)

Host entries: 10.10.10.248 intelligence.htb dc.intelligence.htb If Active Directory => NTP Synchronization with the domain controller. Content Information Leakage Kerberos Enumeration...

BloodHound Vector Attacks

ReadLAPSPassword We can use the utility laps.py to read LAPS passwords outside the machine, all we need is valid credentials: python3 laps.py -u JDgodd -p 'JDg0dd1s@d0p3cr3@t0r' -d streamio.htb LAP...