CVE-Exploitation
Found 4 related articles
Back to Tags- 2024-10-20
TwoMillion - API Enumeration, Information Disclosure, and Kernel Privilege Escalation (CVE-2023-0386)
Technical writeup detailing the compromise of the TwoMillion machine. Initial access involves decoding ROT13-encrypted data from JavaScript to find an API endpoint, followed by manipulating API parameters to gain administrator privileges via Insecure Direct Object Reference (IDOR), leading to a reverse shell injection. Local Privilege Escalation is achieved by disclosing plaintext credentials from a '.env' file for SSH access, and finally, exploiting the unpatched Linux Kernel vulnerability, CVE-2023-0386 (OverlayFS/FUSE), to gain root privileges.
- 2024-10-16
EvilCUPS - CUPS Vulnerability Chaining (CVEs) and Local Credential Compromise
Technical writeup detailing the compromise of the EvilCUPS machine. Initial access is achieved by exploiting a chain of CUPS vulnerabilities (including CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177) to gain Remote Code Execution (RCE) as the 'lp' user. Local privilege escalation is then performed by manually enumerating the CUPS spool directory (/var/spool/cups) to extract cleartext credentials for the root user.
- 2024-10-09
BreakMySSH - Exploiting OpenSSH CVE-2018-15473 for Root Access
Technical writeup detailing the compromise of the BreakMySSH challenge. Methodology covers Nmap scanning, exploiting the OpenSSH 7.7 Username Enumeration vulnerability (CVE-2018-15473) to identify a valid user, followed by a targeted password brute-force attack using Hydra to gain root access.
- 2024-09-16
FirstHacking - Exploiting vsftpd 2.3.4 Backdoor (CVE-2011-2523)
Technical writeup demonstrating the exploitation of the vsftpd 2.3.4 backdoor (CVE-2011-2523) vulnerability on a DockerLabs environment. Methodology covers Nmap service detection, exploit identification via Searchsploit, remote command execution via the FTP service, and achieving immediate root access.