Abraxas

“Just a nerd writing about tech”

Hi, I’m Abraxas, a software developer with a Bachelor’s degree in Computer Science, venturing into the exciting world of infosec.

Learn more

Recent

Jenkins CVE-2024-23897

4 February 2024·11 mins

Research PoC CVE Jenkins CVE-2024-23897 file-read shodan python

Analysis and proof-of-concept (PoC) for Jenkins file-read vulnerability CVE-2024-23897.

HTB Zipping

14 January 2024·15 mins

HTB Linux htb-medium zip zip-symlink file-read php php-regex preg_match sql-injection pdo-prepare sqli-file-write lfi file-inclusion null-byte ltrace gdb strings shared-object msfvenom

Zipping is a medium-difficulty Linux box hosting a PHP web application with a vulnerable file upload function. This function is susceptible to a file read exploit involving zip archives. By exploiting this flaw, I was able to obtain the application’s source code, revealing a SQL injection vulnerability. I leveraged this vulnerability to write a webshell on the system. Additionally, I discovered that the user rektsu has sudo privileges over a binary, and misconfigurations in shared library objects can be exploited to gain root privileges.

HTB Sau

10 January 2024·8 mins

HTB Linux htb-easy request-baskets SSRF proxy mailtrail command-injection systemctl less pager

Sau is an easy linux box that hosts an website on a non standard port. Exploiting an SSRF vulnerability on the site allowed for the exploitation of a command injection flaw within an internal Mailtrail application, leading to a shell as the user puma. Next, user puma has sudo privileges for systemctl, and the less pager is exploited to escalate privileges.