udesh

udesh

Windows PrivEsc using Insecure Service Permissions

Today, we’ll use the Windows privilege escalation approach with the insecure service permission. This lesson can be helpful when you attempt to exploit a Windows computer using a vulnerability utilising publicly available exploits to gain access to a privileged user…

Auth bypass with PHP type Juggling

This post will discuss PHP type juggling and how they lead to authentication bypass vulnerability. PHP type juggling has two main comparison modes, loos(==) and strict(===). loose comparison mode has a set of operand conversion rules to make it easier…

Abusing SeLoadDriverPrivilege for Privilege Escalation

Windows SeLoadDriverPrivilege gives the service privilege to load and unload device drivers. this service allows users to install and remove drivers for Plug and Play devices. Assigning certain privileges to user accounts without administration permissions can result in local privilege escalation attacks.…