Armageddon

📅 May 20, 2022 · ☕ 6 min read · ✍️ T4r0

Drupal, Drupalgeddon, Restricted shell, Dumping database, Password cracking, Snap, Dirty sock

---

Ophiuchi

📅 May 15, 2022 · ☕ 10 min read · ✍️ T4r0

Yaml deserialization, Java shell, Tomcat password, sudo -l, Go

---

Spectra

📅 May 10, 2022 · ☕ 4 min read · ✍️ T4r0

Chrome OS, Wordpress, sudo -l, Directory listing

---

Delivery

📅 Jun 11, 2021 · ☕ 4 min read · ✍️ T4r0

Helpdesk, Mattermost, Ticketing trick, Internal chat, SQL enumeration, Hashcat rules, Hash cracking

---

ScriptKiddie

📅 Jun 11, 2021 · ☕ 5 min read · ✍️ T4r0

CVE-2020-7384, msfvenom command injection, script command injection

---

Laboratory

📅 Apr 17, 2021 · ☕ 9 min read · ✍️ T4r0

Gitlab, Arbitary file read, RCE, SUID, PATH exploitation

---

Luanne

📅 Mar 27, 2021 · ☕ 7 min read · ✍️ T4r0

Lua, API, Command injection, Password cracking, File decrypt

---

Passage

📅 Mar 3, 2021 · ☕ 6 min read · ✍️ T4r0

Cute news, CVE, File system enumeration, Insecure ssh, USBcreator

---

The great escape

📅 Feb 22, 2021 · ☕ 12 min read · ✍️ T4r0

Well known web files, SSRF, Exploiting internal api, git history, port knocking, exposed docker daemon, escaping docker by mounting host volume

---

Cmess

📅 Dec 5, 2020 · ☕ 7 min read · ✍️ T4r0

Subdomain enumeration, Gila CMS, Wildcard injection

---