SymFonos 6.1 - VulnHub
In this machine, we are exploiting XSS to perform CSRF and abusing APIs to achieve RCE. Additionally, we are taking advantage of a Golang binary with sudoers configuration.
Recent Posts
SymFonos 6.1 - VulnHub
Casino Royal - VulnHub
On this machine, we are exploiting Insecure Cookie Handling, Time-Based SQL Injection, DOM XXE, and SUID with PATH Hijacking. Additionally, we performed brute force on an FTP user and achieved a file upload with a bypass.
Unified - Hack The Box
We are exploiting the Log4Shell vulnerability (CVE-2021-44228) on this machine and taking advantage of MongoDB misconfiguration.
Vaccine - Hack The Box
In this machine, we take advantage of an FTP misconfiguration to obtain credentials and crack hashes. Additionally, we exploit a PostgreSQL database using SQL Injection and leverage the sudoers file.
TCP Port Scanner - Python
Python TCP Port Scanner Script.
ICMP Port Scanner - Python
Python ICMP Port Scanner Script.
Macchanger - Python
Macchanger Script.
Keylogger - Python
Keylogger Malware Script.
HTTP Spoofing - Python
HTTP Spoofing (MITM Attack).
HTTP Sniffer - Python
HTTP Sniffer (MITM Attack).