Exposed PHPUnit `eval-stdin.php` (CVE-2017-9841) under a web-accessible `vendor` folder allowed file-read payloads to dump site source and reveal DB credentials. Using the compromised host as a pivot, I accessed internal databases and extracted data. The post ends with practical mitigations for defenders.
In this blog, I’ll walk through how I gained access to multiple machines within an organization by cracking Linux user hashes and leveraging Shodan to identify additional targets. This post will focus on the post-exploitation phase, including hash extraction, cracking, and lateral movement.
In this post, I'll walk through how I was able to gain unauthorized access to multiple machines by exploiting unencrypted private keys and misconfigured SSH settings.
In this blog, we will explore how I performed lateral movement and gained access to multiple machines on a private network by logging SSH credentials.
In this blog, I’ll walk through how I created a heat map for the Linux computer labs at IIT Kanpur. This approach can be applied to any institute or organization with a similar setup.