Are you curious about the impact of artificial intelligence on society? “Dice” takes you on a journey to a future where humanity has developed a revolutionary technology designed to judge human behaviour and maintain order.
Continue reading “The Dice: Afterlife”CSRF vulnerability on qdPM 9.2 (CVE-2022-26180)
Objective
Our target is qdPM, a free project management tool. The tool with the 9.2 version is vulnerable to Cross-site Request Forgery and we are going to inspect the application to leverage the vulnerability. First, we will try to exploit ourselves then we will check the defined CVE and exploit.
Continue reading “CSRF vulnerability on qdPM 9.2 (CVE-2022-26180)”The exploitation of a vulnerability named Log4Shell (CVE-2021-44228)
Intro
This lab covers the exploitation of a vulnerability in Log4j.
Apache Solr 8.11.0 is running on the target machine which this version of the software is prone to vulnerable log4j package (CVE-2021-44228). The application itself runs on Java 1.8.0_181.
Enum
We can see clear indicators of log4j used for logging activity when we browse Solr Admin Dashboard:
CVE-2020-29168: Online Doctor Appointment Booking System PHP and Mysql 1.0 – ‘q’ SQL Injection
An SQL injection vulnerability was discovered in PHP Doctor Appointment System by me on 11/16/2020.
In ‘getuser.php’ file, GET parameter ‘q’ is vulnerable.
The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.
Walkthrough: Geisha: 1 (Vulnhub Retired Box)
I am going to share my walkthrough for Vulnhub machine called “Geisha: 1”. The machine difficulty was a beginner to intermediate, the goal is to get the root shell i.e.(root@localhost:~#) and then obtain flag under /root).
Continue reading “Walkthrough: Geisha: 1 (Vulnhub Retired Box)”Linux Privilege Escalation via snapd using dirty_sock exploit and demonstration of CVE-2019-7304
In January 2019, researchers discovered a privilege escalation vulnerability in default installations of Ubuntu Linux. This was due to a bug in the snapd API, a default service. Any local user could exploit this vulnerability to obtain immediate root access to the system (Linux Privilege Escalation via snapd, n.d.). In this post, I am going to exploit one of the affected Ubuntu 16.04 using dirty_sock exploit via snapd which created by security researcher. Moreover, snapd serves up a REST API attached to a local AF_UNIX socket. Access control to restricted API functions is accomplished by querying the UID associated with any connections made to that socket. User-controlled socket peer data can be affected to overwrite a UID variable during string parsing in a for-loop. This allows any user to access any API function.
Continue reading “Linux Privilege Escalation via snapd using dirty_sock exploit and demonstration of CVE-2019-7304”HTB Retired Box Walkthrough: Legacy
Today, I will demonstrate new skills which I gained:
- Identifying vulnerabilities by using the NSE;
- Exploiting SMB using Metasploit.
Let’s give a brief intro about the new machine. Legacy is a retired machine at the beginner level that shows SMB’s possible security threats in Windows OS.
Continue reading “HTB Retired Box Walkthrough: Legacy”Walkthrough: Lame (HTB Retired Box)
Hi All, this is my first blog entry which I decided to share my written walkthroughs related to retired machines on HTB. Frankly speaking, I am in the learning process and end of my development, I would like to look at my progress for checking what I learnt. Additionally, I want to share my knowledge with our peers or who wants to improve themselves.
Continue reading “Walkthrough: Lame (HTB Retired Box)”