TLDR
- exploit a pre-auth RCE vulnerability on a
SaltStack master
TLDR
- Bypass Auth -> SSRF -> RCE
- Exploit misconfigured sudo privilege to root
TLDR
- Exploit
OpenSMTP Vulnerability to get the RCE as root.
TLDR
- Use Nmap to get the list of services running on the target.
- On web app use default credentials to login.
- Exploit CMS which is vulnerable to authenticated RCE.
- Exploit Cronjob to escalate privilege to root.
TLDR
- Exploit the known vulnerability of the services running on the system
- You get the shell as root so no P.E required
TLDR
- Exploit Local file inclusion to get credentials from config
- Use the credentials to get into Mysql
- From MySQL get the login creds for
upload page
- Bypass restriction and upload shell
- exploit misconfigured SUID for privilege escalation.