Android phone as a Webcam on Linux

Learn how to set up a virtual webcam on Linux using your Android device’s cameras using scrcpy.

February 17, 2024 · 3 min · Aditya Telange

Breaking down Reverse shell commands

In pentesting assessments and CTFs we always need reverse shells to execute commands on target machine once we have exploited a system and have a command injection at some point in our engagement. For that we have an awesome project: revshells.com or reverse-shell-generator where we have a ton of reverse shell payloads listed. This blog post tries to explain their working. Note: I’ll be breaking down all of them, but not all at once. If you have any comments/feedback let me know in the comments section. ...

May 7, 2023 · 5 min · Aditya Telange

HackTheBox - Photobomb

Photobomb is a fun box on Hackthebox where we initially get hardcoded credentials in a Javascript file, which we can use to authenticate with basic auth to access the image resizing tool, which has command injection leading to us getting a reverse shell. After getting initial access as user wizard, we see a cleanup.sh script which can be run as root. We then abuse the redirection operator > clobbering the /etc/passwd file to escalate our privileges by adding user wizard to group root.

February 11, 2023 · 7 min · Aditya Telange
This site uses cookies to improve your experience on our website. By using and continuing to navigate this website, you accept this. More details in Privacy Statement.