https://0xzouhair.github.io/Cybersecurity, CTF Player 2024-02-26T01:44:13+00:00 0xzouhair https://0xzouhair.github.io/ Jekyll © 2024 0xzouhair /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2024-01-30T04:33:00+00:00 2024-02-23T10:27:58+00:00 https://0xzouhair.github.io/posts/CMSpit-walkthrough/ 0xzouhair

Description: Dive into the world of web app hacking and privilege escalation with this TryHackMe machine, exploiting recent vulnerabilities. Difficulty: Medium Machine Link: CMSpit on TryHackMe 1. Enumeration Two ports are open: 22 [SSH] 80 [HTTP] At port 80, I spot Cockpit CMS on the landing page. 2. Exploitation Searching for “cockpit” in msfconsole, I identified a promising ...

2024-01-28T04:33:00+00:00 2024-01-30T00:15:46+00:00 https://0xzouhair.github.io/posts/linux-privilege-escalation/ 0xzouhair

NOTE: It is not always possible to escalate privileges to root, we have to escalate privileges to another non-root user, then escalate privileges to root Checklist Reference from PayloadsAllTheThings Kernel and distribution release details System Information: Hostname Networking details: Current IP Default route details DNS server information User Information: Current ...

2024-01-28T04:31:00+00:00 2024-01-28T04:31:00+00:00 https://0xzouhair.github.io/posts/windows-privilege-escalation/ 0xzouhair

Privilege Escalation Strategy This section is coming straight from Tib3rius Udemy Course. Spend some time and read over the results of your enumeration. If WinPEAS or another tool finds something interesting, make a note of it. Avoid rabbit holes by creating a checklist of things you need for the privilege escalation method to work. Have a quick look around for files in your user’s desk...