https://chiefdennis.github.io/tags/feroxbuster/Recent content in Feroxbuster on Chief Dennis' BlogHugoenThu, 11 Dec 2025 13:07:16 +0100https://chiefdennis.github.io/posts/offsec_sorcerer/Thu, 11 Dec 2025 13:07:16 +0100https://chiefdennis.github.io/posts/offsec_sorcerer/<h2 id="sorcerer-offsec-walkthrough"> Sorcerer OffSec Walkthrough <a class="heading-link" href="#sorcerer-offsec-walkthrough"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p><img src="https://chiefdennis.github.io/posts/offsec_sorcerer/Picture_0.png" alt="image"></p> <h3 id="1-introduction"> 1. Introduction <a class="heading-link" href="#1-introduction"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h3> <p>This walkthrough documents the compromise of the Sorcerer machine from CyberSecLabs (CFT).</p> <p>We compromised the Sorcerer machine through classic multi-surface enumeration: multiple web servers, exposed ZIP archives leaking Tomcat credentials and SSH keys, restricted SSH bypass through editing authorized_keys, and final privilege escalation via a misconfigured SUID start-stop-daemon binary (GTFOBins).</p>https://chiefdennis.github.io/posts/offsec_cockpit/Sun, 18 May 2025 13:07:16 +0100https://chiefdennis.github.io/posts/offsec_cockpit/<p><img src="https://chiefdennis.github.io/posts/offsec_cockpit/image0.png" alt="image"></p> <h2 id="introduction"> Introduction <a class="heading-link" href="#introduction"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <h3 id="sql-injection-vulnerability"> SQL injection vulnerability <a class="heading-link" href="#sql-injection-vulnerability"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h3> <p>A SQL Injection (SQLi) vulnerability is one of the most critical threatsin web applications that interact with databases. This vulnerability occurs when an application does not properly validate and sanitize user input before using it in SQL queries, allowing an attacker to manipulate these queries to access, modify, or delete data in the database.</p>https://chiefdennis.github.io/posts/offsec_dvr4/Tue, 01 Apr 2025 13:07:16 +0100https://chiefdennis.github.io/posts/offsec_dvr4/<h2 id="dvr4-offsec-walkthrough"> DVR4 Offsec Walkthrough <a class="heading-link" href="#dvr4-offsec-walkthrough"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p><img src="https://chiefdennis.github.io/posts/offsec_dvr4/Picture23.png" alt="image"></p> <h3 id="lfi-vulnerability"> LFI Vulnerability <a class="heading-link" href="#lfi-vulnerability"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h3> <p>Local File Inclusion (LFI) is a security vulnerability in web applications that allows an attacker to access files stored on the server. This failure occurs when an applicationconstructs file paths based on user input without properly validating its contents. As a result, an attacker can manipulate those paths to read sensitive system files and, in some cases, execute malicious code.</p>https://chiefdennis.github.io/posts/offsec_snookum/Sun, 16 Mar 2025 13:07:16 +0100https://chiefdennis.github.io/posts/offsec_snookum/<h2 id="snookum-offsec-walkthrough"> Snookum OffSec Walkthrough <a class="heading-link" href="#snookum-offsec-walkthrough"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <h3 id="rfi-vulnerability"> RFI Vulnerability <a class="heading-link" href="#rfi-vulnerability"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h3> <p>Remote File Inclusion (RFI) is a vulnerability in web applications that allows an attacker to upload and execute files hosted on external servers. This flaw occurs when an applicationdynamically includes files without properly validating user input, which can lead to the execution of malicious code. If proper security measures are not taken, RFI can completely compromise a system, facilitating data theft, malware execution, or even full control of the server.</p>