The goal of privilege escalation in Windows is to gain administrator or SYSTEM account access.

Different types of resources are present in Windows.

Permission to access these is controlled by ACLs.

Reverse Shell in Windows

msfvenom -l payloads

Select a reverse shell payload for Windows, configure…


Unix binaries are run from the locations (directories) listed in the PATH environment variable, searched from left to right. …


There are various ways in which privilege escalation can be achieved in Linux. I am solving the challenges from a TryHackMe room and will write about each one from the list below.

1. Service Exploits

2. Weak File Permissions

3. Sudo — shell escape sequences

4. Cron jobs

5. suid /…


Sudo reminds me of the dialogue from the movie Nayak, “You can be made chief minister for one day; what will you do?”

The hero is allowed to be chief minister for one day and he does all the damage/reform he can.

Coming back to the technical world again, every user has a security…


Reconnaissance

As always, I started with an nmap scan.

The nmap output shows two ports are open, 22 and 80. To enumerate further, I installed Wappalyzer, which is a tool to gather technical details of a website.

To install this on Firefox:

1. Go to about:debugging#/runtime/this-firefox

2. Click ‘Load Temporary Add-on’

3. Select src/drivers/webextension/manifest.json

Initially, buffer overflow felt like a daunting topic to me! There is lots of stuff available on the internet. If you check it all at once, it gets overwhelming and you are more likely to give up!

So I decided to grab one good article, and read…


Mind Opener

What are WAR files? If an application allows us to upload such a file, can we create one and obtain a reverse shell through it?

Reconnaissance

The nmap scan reveals that it’s an Apache Tomcat web server.

Tomcat is a web server for hosting Java files.

Login…


Reconnaissance

The nmap scan reveals that the server is running IIS httpd 6.0 and a few HTTP methods are allowed.

Enumeration

On visiting the site, it says under construction,


Mind Opener

What are the system methods in PHP, and in how many ways can we use them? Can we modify the publicly available exploits to get code execution?

If a CMS allows you to add code, can you add code that will provide you a shell?

Reconnaissance


Mind Opener

The HTTP protocol allows us to use methods like GET, POST, PUT and DELETE to send or delete data. However, are there any methods with which we can edit, copy or manage files on a remote server?

If such protocol/extension allows you to copy or move files, can you abuse this…

Sheetal Patil

A proud mother, traveller. Love to read, understand and write about cyber security.
