-
Keypoints:
- https://github.com/CsEnox/CVE-2021-21425
- [PE] find / -perm -u=s -type f 2>/dev/null --> /usr/bin/php7.4
-
Just came across this technique on a Hack the box machine. I guess it would be good to have it as a technique GTFOBins.
Some sources: https://book.hacktricks.xyz/linux-hardening/privilege-escalation…
-
Keypoints:
- Exhibitor Web UI 1.7.1 - Remote Code Execution (https://www.exploit-db.com/exploits/48654 )
- [PE] [gcore](https://gtfobins.github.io/gtfobins/gcore/)
-
### Request Type
Bug
### Work Environment
| Question | Answer |
| -------------------------- | ------------------------------------- |
| OS ve…
-
Keypoints:
- Gerapy v0.9.7 exploit--> https://www.exploit-db.com/exploits/50640
- [PE] python3.10 cap_set_uid=ep
-
Hi
Before submitting a PR I would like to hear your opinion.
Would it make sense to create a new function for wildcard / parameter injection possibilities?
This function would address all bin…
-
850 git clone https://github.com/7Rocky/gtfobins-cli.git
851 ls
852 cd gtfobins-cli
853 ls
854 ls -al
855 echo $PATH
856 cd
857 python3 ~/Tools/gtfobins-cli/gtfobins-c…
-
This looks like a good candidate to add to your project:
https://seanpesce.blogspot.com/2023/03/leveraging-ssh-keygen-for-arbitrary.html
-
### OSCP-CheatSheet
https://notchxor.github.io/oscp-notes/2-web/LFI-RFI/
https://github.com/WDavid404/OSCP-CheatSheet
https://github.com/saisathvik1/OSCP-Cheatsheet
### wadcoms
https://wadcoms.…
-
### Roadmap URL
https://roadmap.sh/cyber-security
### Suggestions
Near LOLBAS you can add GTFOBINS and wadcoms
https://gtfobins.github.io/ (linux unintended tool usage)
https://wadcoms.github.io/…