MR X, Author At CertCube Labs

All Blog AD exploitation & Post exploitation

Powershell Scripts Execute without Powershell

Posted on 21st March 202013th July 2021 | by MR X

In this blog, we will discover the best tool to run PowerShell scripts and commands without using powershell.exe PowerLine NPS […]

Windows-Pentesting AD exploitation & Post exploitation All Blog

Active Directory privilege escalation cheat sheet

Posted on 23rd February 202013th July 2021 | by MR X

Recon # Systeminfo systeminfo hostname # Especially good with hotfix info wmic qfe get Caption,Description,HotFixID,InstalledOn # What users/localgroups are on […]

All Blog

AWAE review

Posted on 21st February 202023rd February 2020 | by MR X

Summary Layout of AWAE is similar to the PWK training. You get a PDF textbook, a collection of videos, and […]

All Blog Linux privilege escalation

Back To The Future: Unix Wildcards Injection

Posted on 16th February 202013th July 2021 | by MR X

Table Of Content: ===[ 1. Introduction ===[ 2. Unix Wildcards For Dummies ===[ 3. Wildcard Wilderness ===[ 4. Something more […]

All Blog

Linux Kernel Exploit list

Posted on 27th January 202013th July 2021 | by MR X

Exploit Name Kernel Start Kernel End Exploit URL hudo 2.0.0 6.0.1 https://github.com/FuzzySecurity/Unix-PrivEsc/blob/master/hudo.c ip6t_so_set(loc) 2.0.0 4.6.2 https://www.exploit-db.com/exploits/40489/ libfutex(loc) 2.0.0 2.0.0 https://www.exploit-db.com/exploits/35370/ […]

Linux privilege escalation All Blog

SUDO-LD_PRELOAD Linux Privilege Escalation

Posted on 8th January 202013th July 2021 | by MR X

What is LD_PRELOAD? LD_PRELOAD is an optional environmental variable holding one or more paths to shared libraries or shared objects, the […]

OSCP Study material All Blog

RCE with log poisoning Attack Methodologies

Posted on 19th December 201913th July 2021 | by MR X

Some of the important log files are the following :- http://example.com/index.php?page=/var/log/apache/access.log http://example.com/index.php?page=/var/log/apache/error.log http://example.com/index.php?page=/var/log/nginx/access.log http://example.com/index.php?page=/var/log/nginx/error.log http://example.com/index.php?page=/var/log/vsftpd.log http://example.com/index.php?page=/var/log/sshd.log http://example.com/index.php?page=/var/log/auth http://example.com/index.php?page=/var/log/mail http://example.com/index.php?page=/var/log/httpd/error_log http://example.com/index.php?page=/usr/local/apache/log/error_log […]