Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Letting the Daemons Out of the Box- 65

HackerCat Posted 6 Years Ago
  • Pandora FMS is a server monitoring service that is dockerized.
  • Several vulnerabilities were found, eventually leading to an RCE by chaining two of them. Besides those, there is a reflected XSS because content is inserted directly into the JavaScript.
  • An unauthenticated local file inclusion (LFI) can also be performed. This is done by making a request to GET /pandora_console/ajax.php?page=include/config; .php is then added to the end of the supplied file name. This LFI will execute PHP!
  • The LFI above can be used to reach the functionality for uploading plugins in the form of a zip file. By doing this, it is possible to upload a malicious PHP shell that will be unzipped and callable by the user.
  • By chaining the LFI with the file upload functionality, an unauthenticated RCE (Remote Code Execution) is created. Chaining bugs to create bigger issues is always interesting!
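
For defenders, the request shape described above can be hunted for in web server logs. The following is an added example, not code from the original write-up or from Pandora FMS: it scans access log lines for requests to /pandora_console/ajax.php whose `page` value is outside an operator-maintained allowlist, decoding repeated percent-encoding first. The log lines, the allowlist entry and the function names are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed combined-format access log lines (sample data, not from the write-up).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2020:10:00:00 +0000] "GET /pandora_console/ajax.php?page=include/ajax/example_widget HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2020:10:00:05 +0000] "GET /pandora_console/ajax.php?page=include/config HTTP/1.1" 200 0
203.0.113.9 - - [01/Jan/2020:10:00:09 +0000] "GET /pandora_console/ajax.php?page=include%2Fconfig HTTP/1.1" 200 0
203.0.113.9 - - [01/Jan/2020:10:00:12 +0000] "GET /pandora_console/ajax.php?page=include%252Fconfig HTTP/1.1" 200 0
10.0.0.5 - - [01/Jan/2020:10:00:20 +0000] "GET /pandora_console/index.php HTTP/1.1" 200 9000
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumption: hypothetical allowlist the operator builds from baseline traffic.
ALLOWED_PAGES = {"include/ajax/example_widget"}

def normalize(value):
    """Percent-decode until stable so encoded variants of a page compare equal."""
    for _ in range(5):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/").strip("/")
    return value[:-4] if value.endswith(".php") else value

def find_suspect_requests(log_text, allowed=ALLOWED_PAGES):
    """Return (client, page, status) for ajax.php requests with a non-allowlisted page."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/pandora_console/ajax.php"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("page", []):
            page = normalize(raw)
            if page not in allowed:
                findings.append((client, page, int(status)))
    return findings

if __name__ == "__main__":
    for finding in find_suspect_requests(SAMPLE_LOG):
        print(finding)
```

Access logs usually record only the query string, so a `page` value sent in a POST body would need request-body logging or a WAF rule to be seen.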