All Posts

The Lion machine is vulnerable to SQL injection, allowing RCE through the upload of a webshell, and has privilege escalation via cron jobs.

The application has vulnerabilities such as CVE-2022-29464, unrestricted file upload and remote code execution, privilege escalation via SUID binary, and Docker escape.

Machine for network traffic analysis and vulnerability exploitation in Ghostscript (CVE-2024-29510).

The application has Remote Code Execution vulnerabilities in Apache APISIX (CVE-2022-24112) and privilege escalation via the SUID binary lua.

Exploring an SSTI vulnerability in a live rendering application, it is possible to gain RCE on the server. The privilege escalation involves sudo permissions on logstash.