pentest | Mika's Blog

2

My first CVE (2021-24856) – WordPress Plugin 4.7 (7)

Posted on 18 octobre 2021 by Mika

2 min read The plugin does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks. Continuer la lecture →

0

[TryHackme] – Empline 5 (5)

Posted on 20 septembre 2021 by Mika

4 min read Are you good enough to apply for this job ? Continuer la lecture →

0

HackTheBox : Shocker 5 (5)

Posted on 9 juillet 2021 by Mika

3 min read Shocker is a retired HTB (Hack The Box) machine that is based on the ShellSock vulnerability, in this machine we will not use metasploit. Continuer la lecture →

2

Linux Privilege Escalation : Docker Group 4.9 (7)

Posted on 29 juin 2021 by Mika

3 min read In this article, we will go from a lambda user with no rights but in the docker group to the root user using a wrong configuration and use of docker. Continuer la lecture →

2

FCSC 2021 : BaguetteVPN 2 4.9 (12)

Posted on 3 mai 2021 by Mika

3 min read Voici le write up du challenge Baguette VPN n°2 du France Cybersecurity Challenge (FCSC 2021)

Le but est de récupérer le secret contenu dans l’API. Continuer la lecture →

5

Linux Privilege Escalation : Python Library Hijacking 4.2 (10)

Posted on 22 avril 2021 by Mika

3 min read Linux Privilege Escalation with Python Library Hijacking.

Python will prioritize the execution of our malicious module instead of the usual path Continuer la lecture →

1

[TryHackme] – Overpass 3 4.9 (14)

Posted on 17 janvier 2021 by Mika

4 min read You know them, you love them, your favourite group of broke computer science students have another business venture! Show them that they probably should hire someone for security… Continuer la lecture →

LEGAL PAGES