Newsletter 05/09/2023

This machine has a Cacti service that is vulnerable to unauthenticated Remote Code Execution that grants access to a Docker container. Here we can find credentials in the database and reuse them for SSH on the host machine. Then, we find out that the Docker version is vulnerable to a CVE. To exploit this, we need to get root
in the container and configure a SUID binary that will be executed from the host machine via directory traversal to escalate privileges

64-bit binary. Heap exploitation. Integer overflow. Heap overflow. ret2libc

Recurrence relation. Telescoping series. LCG

Graph Encryption Scheme
1: Key leakage. Decryption
2: Single-Destination Shortest Path. Node degrees
3: Query recovery. Tree isomorphisms

CRC. Chinese Remainder Theorem. Brute force