Preetham Bomma – Medium

Preetham Bomma

Published in

InfoSec Write-ups

SVG SSRFs and saga of bypasses

Hi all, hope you are keeping well and staying safe. This blog is about my recent experiences with SVG, HTML to PDF SSRF, and bypasses for…

Apr 11, 2022

SVG SSRFs and saga of bypasses

Apr 11, 2022

Published in

InfoSec Write-ups

Hacking AWS Cognito Misconfiguration to Zero Click Account Takeover

Hi all, hope you are keeping well and staying safe. This blog is about my recent Account Takeover finding.

Feb 14, 2022

Hacking AWS Cognito Misconfiguration to Zero Click Account Takeover

Feb 14, 2022

Published in

InfoSec Write-ups

A story about a not-so-direct SSRF

Hi all, hope you are keeping well and staying safe. This blog is about my recent SSRF finding.

Dec 12, 2021

A story about a not-so-direct SSRF

Dec 12, 2021

Published in

InfoSec Write-ups

Remote — HackTheBox Writeup OSCP Style

Remote was an easy difficulty windows machine that featured Umbraco RCE and the famous Teamviewer’s CVE-2019–18988. Been thinking to…

Sep 5, 2020

Remote — HackTheBox Writeup OSCP Style

Sep 5, 2020

Published in

InfoSec Write-ups

ServMon — HackTheBox Writeup

Servmon is an easy difficulty windows machine retiring this week. We’ll start off by finding anonymous FTP access, gaining SSH creds from…

Jun 22, 2020

ServMon Info Card

Jun 22, 2020

Published in

InfoSec Write-ups

OpenAdmin — HackTheBox Writeup

OpenAdmin is an easy machine retiring this week. We gain an initial foothold by exploiting OpenNetAdmin RCE and escalate to user jimmy…

May 2, 2020

OpenAdmin — HackTheBox Writeup

May 2, 2020

Published in

InfoSec Write-ups

Traverxec — HackTheBox Writeup

Traverxec is an easy difficulty machine retiring this week. We gain initial access by exploiting Nostromo Directory traversal / RCE…

Apr 11, 2020

Traverxec — HackTheBox Writeup

Apr 11, 2020

Published in

InfoSec Write-ups

Registry — HackTheBox Writeup

Registry retires this week, it’s one of my favorite boxes for its unique concepts. We gain an initial foothold by enumerating the docker…

Apr 4, 2020

Registry — HackTheBox Writeup

Apr 4, 2020

Published in

InfoSec Write-ups

Postman — HackTheBoxWriteup

Postman is an easy difficulty machine, which features unauthenticated code execution on Redis, cracking encrypted SSH keys to gain user…

Mar 15, 2020

Postman — HackTheBoxWriteup

Mar 15, 2020

Published in

InfoSec Write-ups

Jarvis — HackTheBox Writeup

Jarvis was a simple and fun box. I’ll start off by finding an SQLi in one of the webpages and get a basic shell using sqlmap and then…

Nov 9, 2019

Jarvis — HackTheBox Writeup

Nov 9, 2019

Preetham Bomma

Preetham Bomma

Cyber Security Enthusiast. OSCP. Abacus grand master. Youtube:https://tinyurl.com/y7lrv89m. Box Maker. Moderator: https://tinyurl.com/y96aoulp

Following

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech