-
As an SCS security auditor, I want to check and assess an SCS testbed deployment within the context of a highly privileged user on both manager and nodes, so that I could report that all systems are confi…
90n20 updated
6 months ago
-
Key points:
- Gerapy v0.9.7 exploit --> https://www.exploit-db.com/exploits/50640
- [PE] python3.10 cap_setuid=ep
-
Key points:
- Codoforum --> Remote Code Execution (RCE) 50978.py (but finally we uploaded the reverse PHP file manually)
- password is in /var/www/html/sites/default/config.php
-
https://app.hackthebox.com/machines/Cap
```
$ nmap -sC -sV -Pn 10.10.10.245
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-03-11 23:05 JST
Nmap scan report for 10.10.10.245
Host is up (0.51…
```
-
https://app.hackthebox.com/machines/Busqueda
```
$ nmap -sC -sV -Pn 10.10.11.208
Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-05-19 03:33 JST
Nmap scan report for 10.10.11.208
Host is up …
```
-
Key points:
- apt-get update privilege escalation
-
### Key points:
- FTP brute-force `hydra -C /usr/share/seclists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt ftp://192.168.243.183`
- PwnKit Vulnerability (CVE-2021-4034) --[python ve…
-
**Describe the bug**
"ReadOnlyRootFilesystem" is currently only awarded a +1 score despite it being one of the most effective mitigations against adversaries. As the official Kubesec documentation s…