The exploitation of a vulnerability named Log4Shell (CVE-2021-44228)

Intro

This lab covers the exploitation of a vulnerability in Log4j.

Apache Solr 8.11.0 is running on the target machine which this version of the software is prone to vulnerable log4j package (CVE-2021-44228). The application itself runs on Java 1.8.0_181.

Enum

We can see clear indicators of log4j used for logging activity when we browse Solr Admin Dashboard:

Continue reading “The exploitation of a vulnerability named Log4Shell (CVE-2021-44228)”

Online Doctor Appointment Booking System PHP and Mysql 1.0 – ‘q’ SQL Injection

An SQL injection vulnerability was discovered in PHP Doctor Appointment System by me on 11/16/2020.

In ‘getuser.php’ file, GET parameter ‘q’ is vulnerable.

The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.

Continue reading “Online Doctor Appointment Booking System PHP and Mysql 1.0 – ‘q’ SQL Injection”

Linux Privilege Escalation via snapd using dirty_sock exploit and demonstration of CVE-2019-7304

In January 2019, researchers discovered a privilege escalation vulnerability in default installations of Ubuntu Linux. This was due to a bug in the snapd API, a default service. Any local user could exploit this vulnerability to obtain immediate root access to the system (Linux Privilege Escalation via snapd, n.d.). In this post, I am going to exploit one of the affected Ubuntu 16.04 using dirty_sock exploit via snapd which created by security researcher. Moreover, snapd serves up a REST API attached to a local AF_UNIX socket. Access control to restricted API functions is accomplished by querying the UID associated with any connections made to that socket. User-controlled socket peer data can be affected to overwrite a UID variable during string parsing in a for-loop. This allows any user to access any API function.

Continue reading “Linux Privilege Escalation via snapd using dirty_sock exploit and demonstration of CVE-2019-7304”

Walkthrough: Lame (HTB Retired Box)

Hi All, this is my first blog entry which I decided to share my written walkthroughs related to retired machines on HTB. Frankly speaking, I am in the learning process and end of my development, I would like to look at my progress for checking what I learnt. Additionally, I want to share my knowledge with our peers or who wants to improve themselves.

Continue reading “Walkthrough: Lame (HTB Retired Box)”