PG - Twiggy | Walkthrough
TLDR
- exploit a pre-auth RCE vulnerability on a
SaltStack master
2021¶
PG - ClamAV Walkthrough
TL;DR
- Enumerate SNMP and find traces of
clamav-milter - Exploit
sendmailwhich is vulnerable to RCE
PG - Internal Walkthrough
TL ; DR
- Use Nmap to get a list of service running on the target
- Enumerate SMB
- Exploit SMB to get RCE
- No P.E Required
PG - SURF | Walkthrough
TLDR
- Bypass Auth -> SSRF -> RCE
- Exploit misconfigured sudo privilege to root
PG - Pebbles Walkthrough
TLDR
- Fuzz directory to find application which is vulnerable to SQLi
- Exploit the vulnerable application using SQLMap to get shell
PG - Exfiltrated Walkthrough
TLDR
- Use Nmap to get the list of services running on the target.
- On web app use default credentials to login.
- Exploit CMS which is vulnerable to authenticated RCE.
- Exploit Cronjob to escalate privilege to root.
Vulnlab - Kioptrix : level 1
TLDR
- Exploit the known vulnerability of the services running on the system
- You get the shell as root so no P.E required
VulnHub - PWNLAB
TLDR
- Exploit Local file inclusion to get credentials from config
- Use the credentials to get into Mysql
- From MySQL get the login creds for
uploadpage - Bypass restriction and upload shell
- exploit misconfigured SUID for privilege escalation.