Do you know how to make a PoC after finding a subdomain takeover in an AWS service? In this post I’ll share some insights and tips along with how to create a nice proof of concept so that our bugs get accepted and paid!
Paying attention to requests can sometimes result in becoming admin, and an exposed Laravel APP key will always give you RCE! This write-up shows how to do that and more things like exploiting Composer to become root.
Most (if not all) bug bounty hunters know what a subdomain takeover is and what its impact is, but do you know how to actually take over the domain and make a working proof of concept?
Attention to detail was never so important! Passage makes those details the key to the multiple privilege escalations needed to become root! Check it out!
Bits of automation with Python packages! Really cool box to learn different techniques, like trying to use an SMTP server to send emails using gathered data. Recommend it 100%.
Windows box and enumeration! Fuse combines a thorough exploration of different services to gather information and then uses a password spraying attack to get a foothold into the system. After that, a permissions misconfig allows us to get admin!
Do you like finding rabbit holes? If so, this machine is for you. And don’t forget that googling for exploits is crucial!
Machine with different virtual hosts, one of them with a vulnerable openEMR instance. From there, Docker and Memcached are the way to root.
Here is my write-up of how I solved the HackerOne h1-2006 CTF. I definitely learned a lot of new things!