coffeetohack
Initial Shell Exploits

Kioptrix 1:
mod_ssl and OpenFuck
Samba 2.2.1a (Trans2open)

Kioptrix 1.2 | Kioptrix 3:
LFI and MySQL Injection

Kioptrix 2014:
pChart 2.1.3 LFI
phptax (searchsploit)

VulnOS 2:
OpenDocMan 1.2.7 SQLi (searchsploit)
MySQL Injection

SickOS 1.2
PUT method

Hacklab:
Add ssh keys to home folder via showmount 2049 (rootsquash)

Pwnos 2.0
Simple PHP Blog 0.4.0
MySQL Injection 

SkyTower 1
MySQL Injection (char filtered) + SQUID 3128 proxychains to access SSH

Pwnlab
LFI PHP wrapper

Zico 2
phpLiteAdmin v1.9.3

Wintermute 
SMTP log poisoning

Lord of the root 1.0.1
MySQL Blind Time based

Troll 2
SSH shellshock (error msgs after connecting to ssh in -vvv)

Hackme1
MySQL Time based blind

DC 6
WP Activity Monitor plugin RCE

DC 9
MySQL Time based blind + LFI

digitalworld.local BRAVERY
Cuppa CMS LFI

digitalworld.local DEVELOPMENT
slogin_lib.inc.php (error msg) - Simple Text-File Login script

digitalworld.local MERCY v2
RIPS LFI + Tomcat username (tomcat-users.xml)

digitalworld.local JOY
FTP copy, ProFTPD 1.3.5 exploit

Prime 1
Wordpress shell

Symfonos 1
Wordpress Mail Masta LFI + SMTP log poisoning RCE

Symfonos 2
SSH tunnel, port forwarding + LibreNMS exploit

Symfonos 3
Shellshock 

Symfonos 4
LFI + SSH log poisoning + SSH tunnel, port forwarding

Symfonos 5
LDAP 380 + LFI

Sar 1
sar2html exploit

Djinn 1
Base64encode payload

EVM 1
Wordpress shellupload

DerpNStink 1
Wordpress Slideshow Gallery File Upload + PHPMyAdmin + SSH key (id_rsa)

W34kn3ss 1
OpenSSL 0.98c-1 exploit

GoldenEye 1
Moodle CMS exploit

Last updated 3 years ago
