Posts

All the articles I've posted.

• WriteUp Token Of Love - TheHackersLabs

  

  Writeup narrating the exploitation in "Token Of Love," where a hidden clue in IPFS is deciphered to obtain the private key and manipulate the JWT. Vulnerabilities in Node.js are exploited to achieve RCE, and by using sudo with tee and a vulnerability in rsync wildcards, privilege escalation to root is achieved.

• WriteUp Matrix - Vulnyx

  

  This writeup documents the exploitation of a vulnerable machine inspired by Matrix, using traffic analysis, PHP injection, and privilege escalation with rsync to gain root access.

• Lab Inj3ctlab - Bug Bounty Labs

  

  Article describing the SSTI vulnerability and providing a step-by-step guide on how to solve the Inj3ctlab laboratory from Bug Bounty Labs to practice SSTI in multiple template engines.

• WriteUp Subversión - Dockerlabs

  

  This lab, available on the Dockerlabs platform, covers multiple security challenges: from brute-forcing Subversion and guessing an insecure random number to exploiting a buffer overflow and escalating privileges using the tar wildcard technique.