How to Exploit a Local File Inclusion (LFI)
Complete guide on LFI vulnerability: exploitation techniques, bypasses, and methods to convert a Local File Inclusion into remote command execution.
Feb 7, 2022 Juan Antonio González Mena
All Posts
119 articles
Exploiting PHP Wrappers
Complete guide on exploiting PHP Wrappers in web vulnerabilities, including techniques with php://filter, zip://, data://, php://input and expect:// for LFI and XXE.
Feb 4, 2022 Juan Antonio González Mena
Blind OS command injection with output redirection – PortSwigger Write Up
Learn to exploit blind command injection vulnerabilities by redirecting output to accessible files to read the output of executed commands.
Feb 3, 2022 Juan Antonio González Mena
Blind OS command injection with time delays – PortSwigger Write Up
Learn to exploit blind command injection vulnerabilities using time delays to detect successful command execution on the server.
Feb 2, 2022 Juan Antonio González Mena
OS command injection, simple case - PortSwigger Write Up
Step-by-step solution for PortSwigger's OS command injection, simple case lab. Learn how to exploit operating system command injection vulnerabilities.
Feb 1, 2022 Juan Antonio González Mena
How to Exploit the Shellshock Attack
Explanation of the Shellshock vulnerability (CVE-2014-6271), its origin, how it works, and how to exploit it remotely to achieve command execution on web servers.
Jan 31, 2022 Juan Antonio González Mena
Ways to Execute Reverse Shells on Windows
Learn various techniques for obtaining reverse shells on Windows systems, from netcat to PowerShell scripts to fully interactive ConPtyShell.
Jan 24, 2022 Juan Antonio González Mena
What is LocalAccountTokenFilterPolicy
Learn what LocalAccountTokenFilterPolicy is in Windows, how it affects remote command execution with local administrative accounts, and how to disable it for pentesting purposes.
Jan 21, 2022 Juan Antonio González Mena
SGID, SUID, and Sticky Bit Permissions on Linux
Complete guide to special permissions on Linux: SGID, SUID, and Sticky Bit. Learn how they work, how to identify them, and the behaviors of UID and GID in the system.
Jan 17, 2022 Juan Antonio González Mena