Prime: 1 – Walkthrough for OSCP Series
Prime: 1 is a challenging boot2root machine created by Suraj Pandey. It is designed for those who are preparing for the OSCP exam and is a great way to practice your penetration testing skills. In
Ramblings
LazySysAdmin – Vulnhub walkthrough
LazySysAdmin is an easy to crack VM. There are multiple ways to crack this machine, several ports and mis-configured services are present inside this box. The takeaway from this machine for me is to understand
digital world.local: Vengeance Walkthrough – OSCP Way
Vengeance is one of the digital world.local series which makes vulnerable boxes closer to OSCP labs. This box has a lot of services and there could be multiple ways to exploit this, Below is what
Continue readingdigital world.local: Vengeance Walkthrough – OSCP Way
DC-9 Vulnhub Walkthrough – OSCP way
Recently, My focus turned more towards OSCP and I am thinking of taking the exam. After reading tons of people’s experience over Reddit, I took some notes on what would be my way of studying
The Binary Exploitation: Stack based Buffer overflow
This article talks about cracking Level 13 Binary of Cyberstart CTF. The hint that was given for this challenge is “Cyclic Pattern”, which means we need to use pattern finder tool to figure out the
Continue readingThe Binary Exploitation: Stack based Buffer overflow
Empire: LupinOne Walkthrough – Privilege escalation through Python Libs
This article is a walkthrough for Empire LupinOne vulnerable machine. You can download this from vulnhub. The vulnerable machine is full of fuzzing and escalation of privileges by exploiting Python libraries with SUID being setup.
Continue readingEmpire: LupinOne Walkthrough – Privilege escalation through Python Libs
Log4Shell Quick Lab Setup for Testing
Last month, On December 09 2021, The release of a Remote Code Execution POC over twitter involving exploitation of Apache’s log4j2 logging class took everyone’s peace away. The attack was pretty simple and the fact
Pwned Vulnhub Walkthrough
Pwned vulnhub challenge is an easy boot2root machine. One of the key take away from this machine is how you can escalate your privileges using Dockers. This blog post is about how I exploited this
Insecure Code Management – Git
Insecure code management is when part of the code exposes sensitive information which shouldn’t be exposed to the world. Now it can happen in a lot of situation where the API keys/Passwords are hard-coded and
Walkthrough for Vulnhub : Pylington
This article is a walkthrough for Pylington Virtual machine. The machine is based on getting root flag, I did it via bypassing python sandbox environment and privilege escalation by SUID bit. I have worked with