ColdFusion has several very popular LFI’s that are often used to fetch CF hashes, which can then be passed or cracked/reversed. A lesser use of this LFI, one that I haven’t seen documented as of yet, is actually obtaining a shell. When you can’t crack or pass, what’s left? The less-than-obvious solution is to exploit CFML’s parser, […]
read more »
Learn how to upload files from a web browser to your server. It’s easy uploading files to your server over the web with Coldfusion. Follow these easy steps to accomplish this task. We will create 1 page that will do it all for us.Create a new page in Ultradev and save it as “uploadfile.cfm”. Create […]
read more »
So this attack has been published for a while now and I just never posted but I still have found it fruitful during pen tests. For that reason I wanted to collect all the information I have read and learned while performing this attack into one location for my reference. The basic concept of this […]
read more »
Preface Recently, I have been working in an environment with lots of Adobe ColdFusion installations, most of them unpatched, having nice, exploitable vulnerabilities. You can find almost everything about hacking ColdFusion on different blogs / forums / etc. but for convenience, I wanted to collect those tricks that I was able to use in real […]
read more »
Introduction Netcat is one of those old school hacking tools that has been around for what seems like an eternity. Its stable release was made available back in March 20, 1996 and is currently available for download at http://netcat.sourceforge.net. That being said…I didn’t even get my first real computer until 1999, which was a Compaq Presario. […]
read more »Meterpreter Backdoor After going through all the hard work of exploiting a system, it’s often a good idea to leave yourself an easier way back into it for later use. This way, if the service you initially exploited is down or patched, you can still gain access to the system. To read about the original […]
read more »OSCP notes Timo Sablowski Abstract Information Gathering Reconnaissance The Harvester Shodan DNS Google Dorks Service Enumeration SMB service enumeration SNMP Penetration SQLi PHP Generating Shells Custom Shells Compiling Privilege Escalation Maintaining Access Network Shells File Transfer TFTP Windows wget alternative Pivoting Metasploit SSH Misc Useful Commands And Notes Windows Tasks / Services Base64 encoding / […]
read more »
26000-windows-meterpreterless-post-exploitation Original Link
read more »If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell. If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either trowing back a reverse shell or binding […]
read more »
