PNPT Review 2024
I recently passed the PNPT exam and in this article I will share my views on the exam, course material and if you should take it or not.
I recently passed the eWPTv2 exam that was released in October this year. This was an enhanced version of the v1 exam which included some old & obsolete topics, mostly not relevant in today’s scenario. In this article I will share my views on the exam, course material and if you should take it or not.
Pilgrimage is an easy machine from Hack The Box which involved finding a git directory leading to an arbitrary file read vulnerability in ImageMagick. Using that, I read the database file and got the credentials of the emily user. I found a folder named binwalk in emily’s directory, and the binary version was vulnerable to RCE. One of the scripts, malwarescan.sh, was running as the root user, and the malicious PNG file generated from the binwalk exploit was to be placed under the directory mentioned in this script to get a shell as the root user.
Sau is an easy machine from Hack The Box which involved exploiting an SSRF vulnerability leading to the disclosure of another service, Maltrail. This service was vulnerable to command injection, which upon exploiting gave us a shell as the puma user. Upon further enumeration, systemctl can be run by the puma user with root permissions.
Cozyhosting is an easy machine from Hack The Box which involved injecting a session cookie redirecting to the admin page. Playing with the username field, I got an error disclosing ssh command usage in the backend. After trying various bypassing methods, I sent the command without spaces and got back a shell as the app user. I found credentials of the postgres user in a jar file and dumped the hashes from the database. I cracked them using jtr and got access to the josh user. Further enumerating, ssh can be run by the josh user with root permissions.