Vulndev

  • Home
  • Blog
  • Tools
    • Shellcode Converter
  • Misc
    • Exploits
    • Machine List
    • Cheats – Windows
    • Cheats – Linux
    • Cheats – Shells
    • Cheats – Cracking
  • Discord
  • Vulnlab
  • About Me
  • Home
  • Blog
  • Tools
    • Shellcode Converter
  • Misc
    • Exploits
    • Machine List
    • Cheats – Windows
    • Cheats – Linux
    • Cheats – Shells
    • Cheats – Cracking
  • Discord
  • Vulnlab
  • About Me

Home

xct2021-09-10T07:02:29+00:00
08JanJanuary 8, 2023

Real World CTF 2023 – NonHeavyFTP

xct2023-01-08T14:08:29+00:00

This is a short writeup on the "NonHeavyFTP" challenge from Real World CTF 2023. This was one of the easier challenges with the goal of exploiting LightFTP in Version 2.2 (the latest one on github at the time). I ended up with a file-read vulnerability that allowed to read the...

By xctCTF, Fuzzingcustom exploitation, ftp, linux
Read more...
07JanJanuary 7, 2023

VL Shinra Part 1 – SQLi, Command Injection & Hash Cracking

xct2023-01-18T17:07:44+00:00

This is the first video of a series about Shinra, a virtual company in a private red team lab. We will conduct a full pentest on Shinra and explore various topics along the way.

By xctVulnlabcommand injection, linux, password cracking, sql injection
Read more...
03NovNovember 3, 2022

Ekoparty 2022 BFS Windows Challenge

xct2022-11-07T20:24:46+00:00

In this blog post, we will solve the Windows userland challenge that Blue Frost Security published for Ekoparty 2022.

By xctCTF, Windows Userland Exploitationbinary exploitation, windows
Read more...
24SepSeptember 24, 2022

Windows Kernel Exploitation – Arbitrary Memory Mapping (x64)

xct2022-09-24T11:13:51+00:00

In this post, we will develop an exploit for the HW driver. I picked this one because I looked for some real-life target to practice on and saw a post by Avast that mentioned vulnerabilities in an old version of this driver (Version 4.8.2 from 2015), that was used as...

By xctWindows Kernel Exploitationbinary exploitation, kernel exploit, windows
Read more...
17SepSeptember 17, 2022

SQLi, LFI to RCE and Unintended Privesc via XAMLX & Impersonation – StreamIO @ HackTheBox

xct2022-09-17T14:42:22+00:00

Video & additional notes for StreamIO, a medium difficulty Windows machine on HackTheBox that involves manual MSSQL Injection, going from file inclusion to RCE and in this case getting the SeImpersonate privilege back to get SYSTEM via an EFS-based potato.

By xctCTFactive directory, hackthebox, seimpersonate, sql injection, windows
Read more...
09SepSeptember 9, 2022

Browser Exploitation: Firefox OOB to RCE

xct2022-09-09T12:07:57+00:00

In this post, we will exploit Midenios, a good introductory browser exploitation challenge that was originally used for the HackTheBox Business-CTF. I had some experience exploiting IE/Edge/Chrome before, but exploiting Firefox was mostly new to me.

By xctBrowser Exploitationbinary exploitation, browser exploitation, firefox, hackthebox
Read more...
  Prev123…23Next  
Support me on Patreon!

Categories

  • Browser Exploitation (1)
  • CTF (110)
  • Fuzzing (4)
  • Misc (2)
  • Tools (2)
  • Vulnerability (2)
  • Vulnlab (11)
  • Windows Kernel Exploitation (5)
  • Windows Userland Exploitation (3)

Latest Posts

Tool Review: WinSSH
July 9, 2023
VL Intercept – Walkthrough
July 1, 2023
Shinra & Wutai Videos
May 5, 2023
VL Shinra Part 4 – Reverse Engineering, Binary Exploitation & Ansible
January 28, 2023
VL Shinra Part 3 – Initial Payload Design, Host Enumeration & getting SYSTEM
January 18, 2023
VL Shinra Part 2 – Enumerate, Enumerate, Enumerate!
January 10, 2023

Tags

active directory arbitrary file write asrep-roasting binary exploitation command injection crypto cve dcsync deserialization docker dynamorio ftp fuzzing gs hackthebox heap java keepass kernel exploit laps ldap lfi linux metasploit node openbsd password cracking password spraying path hijacking pg practice phishing php privileges registry responder reversing rop seimpersonate sql injection sudo tryhackme vulnlab web windows xss

Contact

  • Email: xct@vulndev.io

Follow

Twitter Youtube Linkedin
© Copyright 2022. All Rights Reserved.