Pentest mPDF read any file and meta-git RCE to root

Situation: School admin panel with PDF download option using mPDF. Logged in as admin with SQL injection bypass ‘or 1=’1’#. Using Burp Suite, checking the request. Decoding it using base64…

Pentest Rocket Chat RCE + docker VM PoC read any root file (PRIV esc) shocker

Affected script: Rocket Chat, official site: https://rocket.chat/ Situation: log in as mod or admin. After logging in, go to INTEGRATION, choose the active channel ( my case was GENERAL …

Pentest PandoraFMS Backup Utility root priv escalation

Situation: reverse shell or SSH connection. Official site: https://pandorafms.com/manual/en/ation/05_big_environments/07_server_management Executing the command /usr/bin/pandora_backup shows we have no permission. Reading the backup script shows that it depends on tar, so I created…

Pentest router Apk and get ssh access over host

Out of the b0x 😉 Downloaded a router online config APK, ran it on LD Player and activated Burp Suite. Checking the request: sent it to Repeater and ..…

Pentest (read any file) treport – Priv escalation

Misconfiguration can lead to r00t too. Situation: SSH connection or reverse shell. /bin/treport (threat report system). Executing sudo -l, result: P0c: reading any file with root priv in the system using option…

Pentest Docker Engine priv escalation

Situation: SSH user with Docker priv. Docker installed. Ubuntu server. Normal Docker usage is usually: docker run hello-world This command downloads a test image and runs it in a container. When the container…

Pentest XSS Attack To SSH

Situation: Admin panel affected by XSS, where any uploaded file is converted to PDF. P0c from (https://www.noob.ninja/2017/11/local-file-read-via-xss-in-dynamically.html): <script> x=new XMLHttpRequest; x.onload=function() { document.write(this.responseText) }; x.open("GET","file:///etc/passwd"); x.send(); </script> Explaining it in images: Next Download…