HTB

HTB #1 — Buff

I will try to write some walk-through for HTB boxes as a practice for my OSCP exam and record for myself. First as usual I start with running Nmap to discover more information about this remote server. nmap -sC -sV -O -oN nmap/Buff 10.10.10.198 There is a Apache web server […]

WebLogic Pre-Auth RCE (cve-2020-14882) PoC exploit

Reference : 1. https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf 2. https://github.com/jas502n/CVE-2020-14882 (bypass patch) cve-2020-14882 is a pre-auth RCE vulnerability in WebLogic discovered by voidfyoo of Chaitin Security Research Lab. This is a high impact and easy to exploit vulnerability. Wrote a poc exploit to pop up calculator on target server