Amaan Khan’s Post

Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete TakeoverMultiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an "adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine," Australianhttps://lnkd.in/gfSFtEgA

🚀 New Write-Up: HackMyVM - Publisher 🚀 Excited to share my latest write-up where I successfully gained root access to the HackMyVM - Publisher machine. This challenge involved exploiting a known vulnerability in the SPIP CMS and bypassing AppArmor restrictions for privilege escalation. 🛡️ 🎥YouTube: https://lnkd.in/gaGz7F9v Here’s a quick rundown of the steps I followed: 1. Ran Nmap to discover open ports and services. 2. Investigated the web server and identified SPIP vulnerabilities. 3. Exploited CVE-2023-27372 using Metasploit. 4. Leveraged Linpeas for post-exploitation enumeration. 5. Obtained SSH keys and accessed the machine. 6. Identified and exploited an SGID binary to gain root access. Learning Outcomes: - Reconnaissance tools like Nmap and Gobuster. - Exploiting web vulnerabilities with Metasploit. - Post-exploitation enumeration skills using Linpeas. - Bypass security mechanisms like AppArmor. - Effective strategies for privilege escalation. 🔗Blog: https://lnkd.in/ge6U67nf If you're into cybersecurity and CTFs, I hope you find this write-up insightful! #CyberSecurity #CTF #HackMyVM #PenetrationTesting #SPIP #PrivilegeEscalation #InfoSec #Metasploit #Linpeas

Just Completed: Chemistry from HackTheBox 🚀 Exploited file upload vulnerabilities, cracked hashes, and leveraged a file-read exploit to gain root access. Here is how I tackled it: 🔍 Initial Recon: - Ran rustscan to identify open ports, followed by nmap for deeper analysis. - Used feroxbuster to locate directories. 🌐 Web Application Discovery:  - Created an account and logged in to the application, where I found a .cif file upload feature.  - Discovered an exploit for this upload functionality, confirming it with a sleep 10 command.  - Uploaded a reverse shell payload and gained a reverse shell from the saved file. 💾 Database Extraction:  - Located a database.db file on the box, dumped it with sqlite3 to retrieve an MD5 hash of the user’s password.  - Cracked the hash using Crackstation, then accessed the box as that user via SSH. 🔒 Privilege Escalation:  - Found a service listening on port 8080, forwarded it to my local machine with SSH.  - Analyzed the service in Burp Suite, identifying it as ahttpio. Discovered an exploit for this service, requiring a specific directory.  - Located the directory with ffuf and used the exploit to read any file as root. 👑 Root Access:  - Accessed root.txt using the file-read exploit and completed the box. Proof: https://lnkd.in/g94Ey3gz Writeup: https://lnkd.in/g8C-FimP #HackTheBox #Cybersecurity #PenTesting #Linux #CTF #InfoSec #EthicalHacking #RedTeam #CyberSkills #BugBounty #CaptureTheFlag #OffensiveSecurity #LearningByDoing

Microsoft and Google are facing high-severity exploits with these CVEs. Our latest article provides a summary of these vulnerabilities as well as the affected versions and any remediation advice.   Check out the full details in the original post below ⬇

🚀 Day 2: Banner Grabbing & Service Enumeration – Part of my 7-day cybersecurity challenge! Today, I focused on #banner grabbing, an essential technique for collecting information about services running on open ports. This helps in understanding the software versions in use and lays the groundwork for identifying any potential vulnerabilities later on. 🔍 Steps I Followed: 1. Used the command nmap -sV -sC -p80,3306 (ip address) to capture service banners. 2. Gathered version details for services running on detected open ports. 3. Cross-checked the versions with known vulnerabilities databases (manual check after grabbing). Key Findings: Port 80 (Apache): Default Apache page detected. Port 3306 (MariaDB): Standard MariaDB service running. Additional output highlighted some configuration details that don't pose immediate risks but offer insights into how the system is set up. While banner grabbing didn’t reveal any direct vulnerabilities, it provides valuable context for deeper analysis. Excited for Day 3: Web Server Vulnerability Assessment with Nikto! Stay tuned for more insights! 💻🔒 #cybersecurityChallenge #BannerGrabbing #penetrationTesting #ethicalHacking

This is where Dynatrace is offering fundamentally different approach to solve one of the most critical problem of evolving run time vulnerability management, automated risk score and attack prevention #dynatraceinnovate #vulnerabilitymanagement #vulnerabilityassessment #applicationsecurity

🚨 Double trouble for Microsoft! Two Windows-based CVEs have been exploited by the TellYouThePass group and the Black Basta operation respectively. Also, Google has found serious security issues in it's Pixel Firmware, leading to a patch of 50 security vulnerabilities including a high-severity zero-day flaw. Our article linked below covers recent vulnerabilities found to be actively exploited. They are categorised based not only on the category of exploitation, but their impact, and versions affected. We've also included any official fix and remediation guidance for the listed vulnerabilities. Read more: https://lnkd.in/eVvG-J_K #CyberSecurity #CVEs #Vulnerabilities #Google #Microsoft #Windows #Ransomware

#Dynatrace security researchers recently found out that vulnerability CVE-2020-36641 was not fixed as claimed, and aXMLRPC versions 1.12.1 and higher are still exploitable. Why is it still exploitable? We explain why and what to do about it in the blog: https://dynatr.ac/3SraTfH

🚀 New CTF Write-Up: HackMyVM - Connection 🚀 Thrilled to share my latest Capture The Flag (CTF) write-up where I tackled the HackMyVM - Connection challenge. This experience involved leveraging SMB enumeration and a PHP reverse shell to gain root access. 🛡️ Here’s a quick summary of the steps I followed: 1. Ran Nmap for open ports and services. 2. Enumerated the SMB server for vulnerabilities. 3. Uploaded a PHP reverse shell. 4. Retrieved the user flag. 5. Checked SUID permissions for escalation. 6. Escalated privileges to obtain the root flag. Learning Outcomes: - Enhanced skills in SMB enumeration and privilege escalation techniques. 🔗Blog: https://buff.ly/3UvSdMr If you’re passionate about cybersecurity and CTF challenges, I hope you find this write-up valuable! #CyberSecurity #CTF #HackMyVM #PenetrationTesting #PrivilegeEscalation #InfoSec #SMB