Portfolio
Projects
Automates mailing new released CVEs to red team customers
https://github.com/0xdak/ethernaut-challenges-completed
My final solutions for Ethernaut CTF to improve my skills on web3 smart contracts.
https://github.com/0xdak/autowsdl
Automates penetration testing of web services (Python)
https://github.com/0xdak/go-fuzzer
Allows fuzzing to be performed remotely, efficiently manages the process, and supports parallel scanning.
Inventory tracking system for usage at corporate companies
Vulnerable Machines I’ve Built
Below are the vulnerable machines I prepared for OffSec.
https://portal.offsec.com/machine/cve-2024-53376-192597/overview
This lab challenges you to exploit a command injection vulnerability in CyberPanel 2.3.7, allowing execution of commands as root. By intercepting HTTP requests and modifying the phpSelection field, you will gain a reverse shell on the target system, ultimately retrieving the root flag. This scenario simulates a real-world privilege escalation attack against a vulnerable web management panel.
https://portal.offsec.com/machine/leyla-187309/overview
The Leyla lab explores the exploitation of a vulnerable web application featuring Server-Side Template Injection (SSTI) and a WordPress plugin flaw (CVE-2024-8352). Begin by gaining a foothold through SSTI to execute arbitrary code and read local files. Progress to privilege escalation by leveraging a Directory Traversal vulnerability in the Social Web Suite plugin to retrieve sensitive data, leading to root access.
https://portal.offsec.com/machine/jordak-185720/overview
Approaches for identifying potential vulnerabilities are utilized in this lab. The focus is on exploiting CVE-2023-26469, practicing privilege escalation, and abusing SUDO permissions for unauthorized access. This lab emphasizes understanding and exploiting vulnerabilities to enhance security awareness.
https://portal.offsec.com/machine/vmdak-185278/overview
Methods for uncovering potential vulnerabilities are employed in this lab. It focuses on web enumeration, web exploitation, and MySQL enumeration, along with practicing privilege escalation for unauthorized access. This lab emphasizes understanding and exploiting vulnerabilities to enhance security awareness.