Archive: 2021

Crack zip file and then crack the password found in the source code. Exploit SQL Injection & escalate privileges using misconfigured permission on vi.

Uncover hidden login pages, manipulate cookies, upload a PHP reverse shell, and exploit a misconfigured SUID binary to go from guest to root.

Windows machine with Gym Management System 1.0. It has an unauthenticated RCE. Debug service on local port and exploit it after port forwarding.

Linux machine with Bludit CMS. Bypass the brute force protection, exploit file upload, and leverage sudo vulnerability - CVE-2019-14287 - for root.