linux

Drupal, Drupalgeddon, Restricted shell, Dumping database, Password cracking, Snap, Dirty sock

Yaml deserialization, Java shell, Tomcat password, sudo -l, Go

Chrome OS, Wordpress, sudo -l, Directory listing

Helpdesk, Mattermost, Ticketing trick, Internal chat, SQL enumeration, Hashcat rules, Hash cracking

CVE-2020-7384, msfvenom command injection, script command injection

Gitlab, Arbitary file read, RCE, SUID, PATH exploitation

Lua, API, Command injection, Password cracking, File decrypt

Cute news, CVE, File system enumeration, Insecure ssh, USBcreator

Well known web files, SSRF, Exploiting internal api, git history, port knocking, exposed docker daemon, escaping docker by mounting host volume

Subdomain enumeration, Gila CMS, Wildcard injection