Vulndev

  • Home
  • Blog
  • Tools
    • Shellcode Converter
  • Misc
    • Exploits
    • Machine List
    • Cheats – Windows
    • Cheats – Linux
    • Cheats – Shells
    • Cheats – Cracking
  • Lab
  • Discord
  • About Me
  • Home
  • Blog
  • Tools
    • Shellcode Converter
  • Misc
    • Exploits
    • Machine List
    • Cheats – Windows
    • Cheats – Linux
    • Cheats – Shells
    • Cheats – Cracking
  • Lab
  • Discord
  • About Me

Home

xct2021-09-10T07:02:29+00:00
24SepSeptember 24, 2022

Windows Kernel Exploitation – Arbitrary Memory Mapping (x64)

xct2022-09-24T11:13:51+00:00

In this post, we will develop an exploit for the HW driver. I picked this one because I looked for some real-life target to practice on and saw a post by Avast that mentioned vulnerabilities in an old version of this driver (Version 4.8.2 from 2015), that was used as...

By xctWindows Kernel Exploitationbinary exploitation, kernel exploit, windows
Read more...
17SepSeptember 17, 2022

SQLi, LFI to RCE and Unintended Privesc via XAMLX & Impersonation – StreamIO @ HackTheBox

xct2022-09-17T14:42:22+00:00

Video & additional notes for StreamIO, a medium difficulty Windows machine on HackTheBox that involves manual MSSQL Injection, going from file inclusion to RCE and in this case getting the SeImpersonate privilege back to get SYSTEM via an EFS-based potato.

By xctCTFactive directory, hackthebox, seimpersonate, sql injection, windows
Read more...
09SepSeptember 9, 2022

Browser Exploitation: Firefox OOB to RCE

xct2022-09-09T12:07:57+00:00

In this post, we will exploit Midenios, a good introductory browser exploitation challenge that was originally used for the HackTheBox Business-CTF. I had some experience exploiting IE/Edge/Chrome before, but exploiting Firefox was mostly new to me.

By xctBrowser Exploitationbinary exploitation, browser exploitation, firefox, hackthebox
Read more...
27AugAugust 27, 2022

Resource-Based Constrained Delegation – Resourced @ PG-Practice

xct2022-08-27T15:48:11+00:00

Video & additional notes for Resourced, an intermediate difficulty Windows machine on PG-Practice that involves password spraying and an RBCD attack.

By xctCTFactive directory, pg practice, rbcd, windows
Read more...
16JulJuly 16, 2022

Active Directory, JEA & Random Stuff – Acute @ HackTheBox

xct2022-07-27T06:52:59+00:00

Acute is a 40-point Active Directory Windows machine on HackTheBox. I'm going to use it to show some techniques which can be useful in other scenarios and keep it short on the things that are not that important.

By xctCTFactive directory, hackthebox, windows
Read more...
14JulJuly 14, 2022

Windows Kernel Exploitation – HEVD x64 Use-After-Free

xct2022-07-14T19:59:50+00:00

This part will look at a Use-After-Free vulnerability in HEVD on Windows 11 x64.

By xctWindows Kernel Exploitationbinary exploitation, kernel exploit, windows
Read more...
  Prev123…22Next  
Support me on Patreon!

Categories

  • Browser Exploitation (1)
  • CTF (110)
  • Fuzzing (4)
  • Misc (2)
  • Tools (1)
  • Vulnerability (2)
  • Vulnlab (8)
  • Windows Kernel Exploitation (5)
  • Windows Userland Exploitation (3)

Latest Posts

VL Shinra Part 4 – Reverse Engineering, Binary Exploitation & Ansible
January 28, 2023
VL Shinra Part 3 – Initial Payload Design, Host Enumeration & getting SYSTEM
January 18, 2023
VL Shinra Part 2 – Enumerate, Enumerate, Enumerate!
January 10, 2023
Real World CTF 2023 – NonHeavyFTP
January 8, 2023
VL Shinra Part 1 – SQLi, Command Injection & Hash Cracking
January 7, 2023
Ekoparty 2022 BFS Windows Challenge
November 3, 2022

Tags

active directory binary exploitation command injection crypto cve deserialization docker dynamorio electron ftp gitlab gogs hackthebox heap jwt kernel exploit laps ldap lfi linux metasploit openbsd password cracking password spraying path hijacking path traversal pg practice phishing php registry responder reversing rfi rop secretsdump seimpersonate smb sql injection sticky notes sudo tryhackme vulnlab web windows xss

Contact

  • Email: xct@vulndev.io

Follow

Twitter Youtube Linkedin
© Copyright 2022. All Rights Reserved.