Explore >> Select a destination
|
You are here 
|
oddvar.moe | ||
| | | | |
pentestlab.blog
|
|
| | | | | The accessibility features provide additional options (on screen keyboards, magnifier, screen reading etc.) that could assist people with disabilities to use Windows operating systems easier. However, this functionality can be abused to achieve persistence on a host that RDP is enabled and Administrator level privileges have been obtained. This technique touches the disk, or modification... | |
| | | | |
thinkdfir.com
|
|
| | | | | In preparation for an upcoming FOR500 class I thought I would test out one of the recent additions to the class. This post by my colleague Zach shows that Win10 1903 and later has a registry key that will store the full path of any executable that utilises the computers camera or microphone. Zach shows... | |
| | | | |
4bes.nl
|
|
| | | | | UPDATE: I have been working on this script and it can now be found in the Gallery! So if you just want to know about... | |
| | | | |
blog.ikuamike.io
|
|
| | | Difficulty Release Date Author Beginner 2 Mar 2020 Zayotic Summary In this box, we first perform ldap injection on the web application to bypass the login page. Then we are able to read local files by abusing a local file inclusion vulnerability with php base64 filter. From one of the php files we get ldap credentials that we used to authenticate to ldap and dump entries. From the entries we get a base64 encoded password that we could use to ssh into the machine. | ||
