crackmapexec smb live_hosts

Welcome to this blog post on “Installing Kubegoat in a Kubernetes cluster running on VMs.” In this post, we will walk through the steps of installing Kubegoat, a tool designed to simulate real-world Kubernetes cluster misconfigurations and vulnerabilities, in a Kubernetes cluster running on virtual machines. In addition to installing…

While using a managed Kubernetes service like EKS or GKE provides simplicity, understanding how to manually build a Kubernetes cluster from scratch is valuable for really comprehending how Kubernetes works under the hood. …

Welcome to my blog! In this post, I’ll be sharing my solutions to the challenges presented by bigiamchallenge.com. The Big IAM Challenge is an online CTF (Capture the Flag) event that tests participants’ knowledge of AWS IAM (Identity and Access Management). The challenge consists of six objectives that highlight common…

Level 2(http://level2-g9785tw8478k4awxtbox9kk3c5ka8iiz.flaws2.cloud/) a) We start with a web application running inside a container @ http://container.target.flaws2.cloud/ which requires us to authenticate with a username and password which we don’t possess. We have been provided an ecr (Elastic Container Registry) name- level2 b) Listing out images in the registry with our creds…

Level 1 (http://level1.flaws2.cloud/) — a) We are provided with a form that intakes digits only. Upon checking we came to know that validation is being performed only on the client side using javascript. This can be verified by viewing the HTML source of the page. Method validateForm() is performing this validation. b) We can…

Overview/Agenda - Exploiting SQLi for login bypass - Finding and Abusing file upload functionality to upload web shell - Getting a reverse shell using python3 payload and listening using pwncat - Finding DB creds in config file - Finding out that we are in a container - Enumerating container using linpeas - Finding out processes of…

Hi readers, recently I was filling up an online form and it was required to merge, upload and submit documents in pdf format. Usually, I tend to use free online tools for merging pdfs(like ilovepdf, etc). But this time the files which I was uploading contained PII and financial information…

Gaining continued access to a computer system or network that has been compromised is known as persistence. It requires bypassing security measures and re-configuring systems so that access is maintained even after users log out or reboot the system. This type of access can be difficult to achieve, as the…