Preetham Bomma in InfoSec Write-ups
SVG SSRFs and saga of bypasses
Hi all, hope you are keeping well and staying safe. This blog is about my recent experiences with SVG, HTML to PDF SSRF, and bypasses for…
4 min read · Apr 11, 2022

Preetham Bomma in InfoSec Write-ups
Hacking AWS Cognito Misconfiguration to Zero Click Account Takeover
Hi all, hope you are keeping well and staying safe. This blog is about my recent Account Takeover finding.
4 min read · Feb 14, 2022

Preetham Bomma in InfoSec Write-ups
A story about a not-so-direct SSRF
Hi all, hope you are keeping well and staying safe. This blog is about my recent SSRF finding.
3 min read · Dec 12, 2021

Preetham Bomma in InfoSec Write-ups
Remote — HackTheBox Writeup OSCP Style
Remote was an easy difficulty Windows machine that featured Umbraco RCE and the famous Teamviewer’s CVE-2019-18988. Been thinking to…
4 min read · Sep 5, 2020

Preetham Bomma in InfoSec Write-ups
ServMon — HackTheBox Writeup
Servmon is an easy difficulty Windows machine retiring this week. We’ll start off by finding anonymous FTP access, gaining SSH creds from…
6 min read · Jun 22, 2020

Preetham Bomma in InfoSec Write-ups
OpenAdmin — HackTheBox Writeup
OpenAdmin is an easy machine retiring this week. We gain an initial foothold by exploiting OpenNetAdmin RCE and escalate to user jimmy…
4 min read · May 2, 2020

Preetham Bomma in InfoSec Write-ups
Traverxec — HackTheBox Writeup
Traverxec is an easy difficulty machine retiring this week. We gain initial access by exploiting Nostromo Directory traversal / RCE…
4 min read · Apr 11, 2020

Preetham Bomma in InfoSec Write-ups
Registry — HackTheBox Writeup
Registry retires this week, it’s one of my favorite boxes for its unique concepts. We gain an initial foothold by enumerating the docker…
8 min read · Apr 4, 2020

Preetham Bomma in InfoSec Write-ups
Postman — HackTheBox Writeup
Postman is an easy difficulty machine, which features unauthenticated code execution on Redis, cracking encrypted SSH keys to gain user…
5 min read · Mar 15, 2020

Preetham Bomma in InfoSec Write-ups
Jarvis — HackTheBox Writeup
Jarvis was a simple and fun box. I’ll start off by finding an SQLi in one of the webpages and get a basic shell using sqlmap and then…
5 min read · Nov 9, 2019