Privilege-Escalation
Found 5 related articles
Back to Tags- 2025-03-11
ApiBase - API Endpoint Enumeration and Privilege Escalation
Technical writeup detailing the compromise of a DockerLabs API-based system. Methodology includes Nmap scanning, API endpoint enumeration (GET/POST methods), credential brute-forcing via Caido, file transfer (SCP), and PCAP network analysis using Wireshark to extract critical credentials for root access.
- 2025-03-03
Internship - Multi-Stage Exploitation via SQLi and Steganography
Technical writeup covering multi-stage compromise of the 'Internship' challenge. The methodology progresses from SQL Injection authentication bypass and user data extraction to a targeted SSH brute-force attack (Hydra). Privilege escalation involves script modification for horizontal movement, culminating in steganography analysis (Steghide) for final root access.
- 2024-11-12
Broken Access Control (BAC) Analysis and Mitigation
Technical analysis of Access Control failures (A01:2021) leading to resource exposure or privilege escalation. Covers identification of IDOR, Horizontal, and Vertical BAC vulnerabilities, presenting a Proof of Concept (PoC) using Burp Suite, alongside key mitigation strategies like RBAC.
- 2024-10-20
Cap - PCAP Analysis, FTP Credential Disclosure, and cap_setuid Privilege Escalation
Technical writeup detailing the compromise of the Cap machine. Initial access is achieved by enumerating a web application that provides downloadable .PCAP network capture files. Tshark analysis of a specific PCAP file reveals FTP credentials in plaintext. These credentials are used to gain SSH access as the 'nathan' user. Privilege escalation to root is achieved by exploiting the 'cap_setuid' capability set on the /usr/bin/python3.8 binary, allowing arbitrary user ID change to 0 (root).
- 2024-09-16
FirstHacking - Exploiting vsftpd 2.3.4 Backdoor (CVE-2011-2523)
Technical writeup demonstrating the exploitation of the vsftpd 2.3.4 backdoor (CVE-2011-2523) vulnerability on a DockerLabs environment. Methodology covers Nmap service detection, exploit identification via Searchsploit, remote command execution via the FTP service, and achieving immediate root access.