File path traversal, simple case
Bikram Keshari Rout’s Post
-
File path traversal, simple case
-
File path traversal, validation of start of path
-
🎯 Day 29/50 – Exploiting SPIP in Publisher! 🎯
Today, I completed the Publisher lab on TryHackMe! This challenge was a great hands-on experience in web enumeration, remote code execution (RCE), and privilege escalation. 🚀
🔍 What I Worked On:
1️⃣ Enumeration & Initial Access:
- Discovered a SPIP directory while enumerating directories.
- Identified a Remote Code Execution (RCE) vulnerability in the SPIP version used.
- Exploited the vulnerability to fetch an SSH key and gained access to the system.
2️⃣ Privilege Escalation:
- Found misconfigured permissions that allowed me to escalate privileges.
- Leveraged this misconfiguration to gain root access and retrieve the final flag.
💡 Key Takeaway: This lab reinforced the importance of web application enumeration and understanding how misconfigurations can be leveraged for privilege escalation. Another great learning experience on this journey!
If you've tackled SPIP vulnerabilities or similar privilege escalation challenges, let's discuss!
#CyberSecurity #TryHackMe #LearningChallenge #Day29
-
Lab: Click-jacking with a frame buster script
-
A fantastic challenge to sharpen your enumeration skills on this boot-to-root machine! 💲 Free for all users! ⚙ The AppArmor profile section was particularly intriguing. 🔎 Got a bit lost on the root part, but that just makes it more interesting! #tryhackme #ctf #Publisher #apparmor #redteam #cybersecurity #privilegeescalation
-
🛠️ Lab Challenge: Path Traversal Vulnerability 🚀
This lab involves exploiting a path traversal vulnerability in the way product images are displayed. The objective is to retrieve the contents of the /etc/passwd file.
GET /image?filename=../../../etc/passwd HTTP/2
-
Lab #5 : File path traversal, validation of start of path Target Goal : Retrieve the contents of the /etc/passwd file. Completed.
-
Lab #6 : File path traversal, validation of file extension with null byte bypass Target Goal : Retrieve the contents of the /etc/passwd file. Completed.
-
chidiwilliams buzz model_loader.py download_model temp file
A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to i...
https://lnkd.in/g5RF8SMC