Newsletter 15/02/2024
This machine has a web application vulnerable to SSRF, which can be used to read the contents of an internal server that is itself vulnerable to command injection. The two vulnerabilities can be chained to get RCE on the machine. The low-privileged user is able to run systemctl as root using sudo, which leads to privilege escalation via the default pager, less.
ARM 32-bit binary. Buffer Overflow. ret2csu. ret2libc
Parameter injection. Local File Read
XPATH injection. Automate flag extraction
Boolean-based SQLi in ORDER. Automate flag extraction
CouchDB. NoSQL injection. Authentication bypass
PHP deserialization. Local File Inclusion. Log Poisoning
Java. CVE. SnakeYAML insecure deserialization
MongoDB. NoSQL injection. Automate flag extraction
64-bit binary. Heap exploitation. Null-byte poison. Overlapping chunks. Tcache poisoning
SQLi. JavaScript object attributes
LFSR. Modular arithmetic. z3
Winternitz One-Time Signature
ECC. Baby-step, giant-step. Meet-in-the-middle