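Challenge description: The greater the capability, the greater the danger. Connect to the port over SSH; the user is "ctf" and the password is "ctf". The challenge description hints at privilege escalation via Capabilities, so run getcap -r / 2>/dev/null directly to search for exploitable binaries. This turns up the dig command, which GTFOBins lists as able to read file contents; running dig -f flag prints the flag. This article is licensed under CC-BY-SA-3.0; please credit the source when reposting. Author: ph...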
Command used: << /sbin/getcap -r / 2>/dev/null >> The python2.7 binary has the cap_sys_ptrace+ep capability. This capability can be used for privilege escalation and can help us get root. We need to identify a process that can be run as the root user. We checked the processes and found...
SQL informationschema.processlist + UPNP warning + getcap -ep May 26, 2019 SAML Injection GraphQL + LXD/etc/passwd PrivEsc + Win firewall Jun 9, 2019 SQL Injection HQL Injection + references update Jun 17, 2019 Server Side Request Forgery ...
SQL informationschema.processlist + UPNP warning + getcap -ep May 26, 2019 SAML Injection GraphQL + LXD/etc/passwd PrivEsc + Win firewall Jun 9, 2019 SQL Injection PostgreSQL rewrite + LFI SSH Jun 30, 2019 Server Side Request Forgery MS14-068 + /etc/security/opasswd Jun 29, 2019 ...
SQL informationschema.processlist + UPNP warning + getcap -ep SAML Injection GraphQL + LXD/etc/passwd PrivEsc + Win firewall SQL Injection HQL references Server Side Request Forgery JWT RS256 to HS256 using pubkey to generate a signature ...