Pentest PandoraFMS Backup Utility root priv escalation

Mohad Pentest July 18, 2022
Situation: reverse shell or ssh connection.   official site : https://pandorafms.com/manual/en/ation/05_big_environments/07_server_management   executing command : /usr/bin/pandora_backup   show we have no permission. reading the backup script it shows that depends on tar, so i created…
Read More

Pentest router Apk and get ssh access over host

Mohad Pentest July 18, 2022
out of the b0x 😉   downloaded a router online config apk , run it on LD Player and activated burp suite . checking the request :     sent it to repeater and  ..…
Read More

Pentest Docker Engine priv escalation

Mohad Pentest July 18, 2022
Situation: ssh user with docker priv. docker installed. ubuntu server   usually normal docker usage is : docker run hello-world This command downloads a test image and runs it in a container. When the container…
Read More