6 docs tagged with "PrivEsc"

Easy Linux box abusing default creds on Request Tracker, KeePass dump (CVE‑2023‑32784) to retrieve root SSH key.

Medium Linux box abusing SNMP creds, Nagios XI SQLi + API abuse to gain command execution and root PrivEsc.

Easy Windows machine exploiting HttpFileServer 2.3 RCE for initial shell and unpatched kernel vulnerability for PrivEsc.

Medium Linux machine exploiting CVE‑2023‑42793 in TeamCity for initial access, followed by CVE‑2024‑21626 via Portainer for container escape and PrivEsc.

Easy Windows box with SQL injection in a Docker Toolbox‑hosted app, leading to container escape and host PrivEsc.

Easy Linux box using blind SQLi to dump DB, Laravel file‑upload webshell, and local binary PrivEsc.