Title : All-in-One Video Gallery plugin <= 2.4.9 - Local File Inclusion (LFI) vulnerability Author: m19o Software : Wordpress 5.8.2 CVE : CVE-2021-24970 Poc : https://example/wordpress/wp-a...

Enumeration ِNmap TIME!. ِِِAs you can see 80,22,8080 are open. Let`s start checking ِAfter some recon i didn`t found anything in 8080. ِBut i searched for megahosting exploi...

Methodology 1- Scanning 2- SMB Enumertion 3- Kanban Analysis 4- Config Manipulation 5- Exploit Remote Service 6- WCF Exploitation Scanning ┌──(m19o@pwning)-[~/m19o/HTB/sharp]└─# nmap -sV -v -p-...

Summary : 1 - Stealing admin's cookie with XSS 2 - Privilege escalation using a CVE 3 - Getting RCE 4 - Database Enumeration 5 - Password cracking 6 - Creating malicious pkg Scanning phase : ...

Methodology Enumeration by LFI Phpsessid and Jwt token forge unrestricted upload Database leak Binary file analysis Port forwarding Database dump with SQLMAP ┌──(root💀m19o)-[~/H...

Recon NMAP roott@kali:~$ sudo nmap 10.10.10.197 -sV -sC -p- -A Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-27 05:55 EST Stats: 0:17:15 elapsed; 0 hosts completed (1 up), 1 undergoing Scri...

Summary RCE in the Web application Pivoting Network analysis Custom Exploitation Domain Admin by Abusing Certifcate service Scanning nmap -p- -sV -sC -v -oA enum --min-rate 4500 --ma...

Scanning We found port 22 for ssh and port 8000,8080 for HTTP where port 8000 Let`s add jewel.htb in our hosts Enumeration Port 8000 port 8080 Let`s enumerate the BLOG! We found 2 user...

Enumeration ِLet`s begain scanning with NMAP ِTwo ports are open 8080 , 7680 ِAfter opening the webapp at 8080 i found out it`s from ProjectWorld.in And i searched for the project http...

Enumeration ِWe will use NMAP for enumeration phase, So let`s GO !. ِSo NMAP found that port 22 and port 80 are open. Let`s Check port 80. ِOuch! look like someone was here befor...