Collaborate Disseminate
I’m stuck on a CTF exercise that has been quite difficult to get a grasp of. I have access to a server as a user. On this server, there’s only root other than me. I am supposed to access a file in root where I have no permissions or read t… Continue reading CTF assistance on linux privilege escape [closed]
I am not very skilled at linux and besides reading about clone and unshare I would love to have some second opinion on the situation:
The setup
A process I intend to run is an automated "chrome service" that visits sites. These s… Continue reading Is a docker container that requires "clone" and "unshare" syscalls of any use?
The following code should be exploited and I need to exploit it in such a way that it runs my command (l33t) and there should be shellcode and exploit included, so that it runs my command. I believe I need to use GDB and it has something t… Continue reading How can I exploit the following code using string format vulnerabilities, Global offset table & GDB? [closed]
I’ve been battling with one school task for a couple of days and can’t seem to find any idea how to solve it. The task is pretty simple:
On the server there is a secret.txt file in the /root folder, which is
owned by root. The task is to … Continue reading Escalating user privileges on Linux
The strange vulnerability could have allowed for escalation of privilege, denial of service or information disclosure attacks. Continue reading Intel Patches Widespread Processor Vulnerability
I have a target that is configured to run winget installers as admin, are there any packages I could install that’d give me priv esc?
Continue reading Need help with possible privilege escalation using winget installer
A polkit authentication agent provides the user interface for administrators to input their password. It runs in user space. (https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html) An authentication agent is typically auto-… Continue reading Why is there no prevention of malicious polkit authentication agents?
I am trying to do a proof of concept where I use technique T1574.010. In this technique, I should rewrite the binpath of some service in Windows 10 so that when the service starts again the payload that I want is executed, which in this ca… Continue reading Proof of concept: Services File Permissions Weakness (T1574.010)
I’m doing an educational project and I need an executable to try different DLL hijacking techniques in Windows 10.
Obviously, there are no such vulnerabilities in Windows 10 by default, so I thought about creating an executable in C and co… Continue reading Executable to try DLL hijacking attacks
I am calculating the CVSS score for an issue, and I am confused about the Privileges Required (PR).
The issue is, for a client desktop app that connects to a server, the logged in user allows debugging, the JWT token of the user will be lo… Continue reading How to assess the Privilege Required?