Hacking CVE-2022-39841 Medusa's leaky WebSocket tldr; A critical vulnerability in Medusa allows for information leakage, including plaintext credentials, by attaching to an unauthenticated WebSocket and waiting for a user to make a configuration change. Affected
CTF dCTF - Just Take Your Time Over the weekend I participated in dCTF by DragonSec SI along with some friends. There were some really interesting and unique challenges in this CTF. Summary: This was a time-restricted Python
Hacking CVE-2021-31607 SaltStack Minion Privilege Escalation in Snapper Module tldr; I discovered a command injection vulnerability in SaltStack's Salt that allows privilege escalation using malicious filenames on a minion when the master calls snapper.diff. But... I was too
Hacking CVE-2020-28243 (2) SaltStack Minion Denial of Service via Argument Injection Note: This post builds upon an exploit from a previous post here, which may be useful to read first. tldr; Recently I disclosed a local privilege escalation, CVE-2020-28243, in SaltStack's Salt
Hacking CVE-2020-28243 SaltStack Minion Local Privilege Escalation tldr; I discovered a command injection vulnerability in SaltStack's Salt that allows privilege escalation via specially crafted process names on a minion when the master calls restartcheck. Affected Versions: All
CTF HTB CTF Write-up: Gunship The HTB x Uni CTF 2020 - Qualifiers have just finished and I wanted to write up some of the more interesting challenges that we completed. As with many of the challenges
CTF HTB CTF Write-up: Cargo Delivery Cargo Delivery was a Python command line application that uses AES CBC encryption and is vulnerable to a padding oracle attack.
CTF HTB CTF Write-up: Cached Web The HTB x Uni CTF 2020 - Qualifiers have just finished and I wanted to write up some of the more interesting challenges that we completed. As with many of the
CTF Metasploit Community CTF 2020 (Dec) Write-up: ace-of-clubs (port 9009) Summary: The ace-of-clubs challenge presented an SSH server on port 9009 that had an easy-to-guess login. This is followed by a privilege escalation to root in a custom binary
CTF Metasploit Community CTF 2020 (Dec) Write-up: 9-of-clubs (port 1337) This fun little challenge was solved by our binary exploitation expert: benything. Summary: The 9-of-clubs challenge is a remote binary exploitation challenge. It features a basic command line application that can be
CTF Metasploit Community CTF 2020 (Dec) Write-up: queen-of-hearts (port 9008 & 9010) Summary: The queen-of-hearts challenge was on two ports, 9010 which contained a downloadable Java .jar file and 9008 which was the service that you needed to interact with. Initially it appeared
CTF Metasploit Community CTF 2020 (Dec) Write-up: 7-of-spades (port 8888) Summary: The 7-of-spades challenge is a basic Python web application that lists information about Metasploit modules. It uses a pickle saved in base64 to a cookie that can be modified to
CTF Metasploit Community CTF 2020 (Dec) Write-up: 5-of-clubs (port 8101) Summary: The 5-of-clubs challenge was to write a Metasploit module that is uploaded and run on a computer to which you do not have direct access. The module is uploaded along
CTF Metasploit Community CTF 2020 (Dec) Metasploit ran another community CTF this year, and we decided to put forward a team. The team ended up bigger than all other teams I've been part of before and
Metasploit New Metasploit Module: enum_containers I wrote a new Metasploit module, enum_containers, that enumerates a target post exploit and detects container platforms and lists any containers that are actively running on them.
Metasploit New Metasploit Module: docker_privileged_container_escape I wrote a new Metasploit module, docker_privileged_container_escape, that escapes from a Docker container with access to the docker sock obtaining a root shell on the host operating
Software Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE) I developed a container enumeration script. Think of it like linpeas/linenum but for containers.
Software Portdroid - Network Analysis Kit & Port Scanner PortDroid is a Network Analysis Application that helps Network Administrators, Penetration Testers and Hackers with several useful networking tools.
Software RootBeer - Root Detection Library for Android A tasty root checker library and sample app. We've scoured the internets for different methods of answering that age old question... Has this device got root?
Hacking Python UUEncode Vulnerability tl;dr Found a vuln in some old and mostly unused data format in Python, spoke to Guido van Rossum (inventor of Python), and submitted a PR with a fix.