-
Bashed [
PHP Bash
,Scheduled task
] -
Popcorn [
Image upload vulnerability
,MOTD File Tampering
] -
Celestial [
Node deserialization attack
,Scheduled task,
syslogs
] -
Nibbles [
Image upload
,Default creds
opensource/git
sudoer
sudoer file
] -
Cronos [
dig DNS
,command injection
Scheduled task laravel PHP
] -
Lame [
smb 3.0.2
usermapscript command execution
] -
Mirai [
default pi credentails
grep
] -
Beep [
LFI
SMTP
SMTP to RFI
] -
Traverxec [
nostromo 1.9.6 RCE
ssh2john.py
journalctl gtfo binary
] -
Academy [
parameter tampering
laravel RCE
adm group user
aureport
log analysis
composer
] -
Time [
CVE-2019-12384 Jackson RCE And SSRF
,scheduled task
] -
Blunder [
login brute force
CSRF
Bypass IP blacklist
metasploit image upload authenticated
sudoer
CVE-2019-14287
] -
Magic [
Magic bytes image upload
sql injection
SUID binary
ltrace
] -
Waldo [
directory and file traversal
bypassing filters
escaping rbash
linux capabilities
tac cap_dac read_search+ei
] -
Solidstate [
POP3
SIP
rbash
schedules task
] -
Irked [
UnrealIRCd backdoor command injection
steghide
SUID binary
] -
Valentine [
Heartbleed
TMUX socket session
] -
Writeup [
cms made simple
sql injection
staff group
pspy
] -
Mango [
nosql injection
jjs suid binary
]
- Granny [
HTTP verb tampering
,PUT
,MOVE
,ms15_051_client_copy_image
,IIS 6.0
] - Grandpa [
HTTP verb tampering
,PUT
,MOVE
,ms14_070_tcpip_ioctl
,IIS 6.0
] - Optimum [
rejetto HTTPFileServer
command execuation
manual + metasploit
Exploit suggestor
] - Devel [
anonymous ftp
msfvenom shell upload
metasploit
Exploit suggestor
] - Legacy [
MS08-067
windows XP
metasploit
CVE-2008-4250
] - Remote [
nfs mount
sdf file/binary
umbraco authenticated RCE
service misconfiguration
] - Chisel [
Gym management system RCE
chisel
cloudme.exe
]
-
Potato [
PHP type Juggling
,Nice Binary
] -
Inclusiveness[
LFI
,Binary impersonation
,Path hijacking
] -
Solstice [
LFI
] -
FunBoxEasy [
SQL Injection
,GTFO Binaries
,Time
,pkexec
,mtr
]
Windows Privilege Escalation for OSCP & Beyond!