[~]$ whoami

Cyber-Security Researcher and Developer having interests in Application-Security, *nix based Systems, Android, Reverse Engineering and Programming; loves Command Line, FOSS. Read more..

  • Link Tree - Links to all my social media profiles.
  • RSS Feed - Subscribe to this blog using RSS aggregators.
  • Reach out to me at contact[at]adityatelange[dot]in if you have any questions/suggestions.

State of VMWare Workstation (Pro?) on Linux

VMWare Workstation is a popular virtualization software that was recently made available for free personal use after VMWare was acquired by Broadcom. This is an excellent move by Broadcom, as it will help many users to utilize this software for free for personal use and learning purposes. I have been using VMWare Workstation on Linux for a while now and I have to say that it is a great piece of software....

June 24, 2024 · 4 min · Aditya Telange

Android App Security Testing Lab with MobSleuth

Setting up a virtual lab for Android App security assessments.

June 16, 2024 · 3 min · Aditya Telange

Android phone as a Webcam on Linux

Learn how to set up a virtual webcam on Linux using your Android device’s cameras using scrcpy.

February 17, 2024 · 3 min · Aditya Telange

Breaking down Reverse shell commands

In pentesting assessments and CTFs we always need reverse shells to execute commands on target machine once we have exploited a system and have a command injection at some point in our engagement. For that we have an awesome project: revshells.com or reverse-shell-generator where we have a ton of reverse shell payloads listed. This blog post tries to explain their working. Note: I’ll be breaking down all of them, but not all at once....

May 7, 2023 · 5 min · Aditya Telange

HackTheBox - Photobomb

Photobomb is a fun box on Hackthebox where we initially get hardcoded credentials in a Javascript file, which we can use to authenticate with basic auth to access the image resizing tool, which has command injection leading to us getting a reverse shell. After getting initial access as user wizard, we see a cleanup.sh script which can be run as root. We then abuse the redirection operator > clobbering the /etc/passwd file to escalate our privileges by adding user wizard to group root.

February 11, 2023 · 7 min · Aditya Telange
This site uses cookies to improve your experience on our website. By using and continuing to navigate this website, you accept this. More details in Privacy Statement.