Joomla! is an open-source content manager used for publishing web content applications such as forums, user communities, E-commerce and many other web-based applications.

In this tutorial I dive into Joomla! version 3.7.0 which does not properly sanitize input making it susceptible to SQL injection. Enumeration of the SQL databases discovers…

Jenkins is a popular automation server used by developers for continuous integration and pipelines. It allows for easier code deployment when changes in code are made. This article demonstrates an exploit made possible due to misconfiguration. Special thanks to TryHackMe for hosting this box.

Running an Nmap scan determines that…

CVE-2018–6384

Synopsis

This is a local privilege escalation issue on version 0.3.9. It was handled as a non-public zero-day exploit. Mitigation suggests to upgrade to version 0.4.1.72.

For those not familiar with NSClient++. It is an agent designed to work with Nagios and aims to be a secure monitoring daemon.

Privilege…

High-level Summary:

The host is a Linux machine running a web server on port 80. There is a Webmin portal on port 10000 that is vulnerable to credential-reuse and a Redis database on port 6379 that does not require authentication. …

In this article I will be demonstrating a pass-the-hash attack on a Windows Domain Controller made possible from a user account with disabled Kerberos pre-authentication.

Enumeration:

Running Nmap

nmap -A -T4 -p- -oG AD 10.10.84.174
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-22 16:28 EDT
Warning: 10.10.84.174 giving up on port because retransmission…

Today’s article will be short and simple. We will enumerate a SMTP server using Metasploit and use our findings to brute-force a password through SSH. As always thanks to THM for providing the resources. Let’s dive in!

Enumeration:

Begin by running Nmap against our target IP.

nmap -v -T4 -A -p…

High-level Summary:
The host is a Linux machine running an IPAM tool, OpenNetAdmin. There’s an OpenNetAdmin portal on port 80 used to access the admin control panel which is vulnerable to Remote Code Execution (RCE). …

The first step in penetration is to perform reconnaissance, this will allow me to learn more about our target systems services and versions the services are running; this form of information gathering is refer to as fingerprinting. …

Casey Hillmann

Writer of cyber security content. Follow my blog for all things related to offensive security and threat hunting.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store