Anytime I find a file upload form I test it. Best case scenario is that I can upload a reverse shell in a scripting language available on the webserver. If the application is running in PHP or ASP for example, it becomes quite easy. If I can’t get a backdoor uploaded, I will attempt to…
n00py Blog- Introducing Slackor, a Remote Access Tool Using Slack as a C2 Channel
- Understanding UNC paths, SMB, and WebDAV
- Exploiting Genuitec Secure Delivery Center (SDC) < Version 5.4.7 (Local File Inclusion)
- Popping shells on Splunk
- Dark Tip: Avoiding SSL Inspection on Palo Alto Firewalls
- The Dangers of Client Probing on Palo Alto Firewalls
- Bypassing Duo Two-Factor Authentication (Fail Open)
- Executing Meterpreter in Memory on Windows 10 and Bypassing AntiVirus (Part 2)
- Executing Meterpreter in Memory on Windows 10 and Bypassing AntiVirus
- Ducky-in-the-middle: Injecting keystrokes into plaintext protocols