Preetham Bomma in InfoSec Write-ups
SVG SSRFs and saga of bypasses
Hi all, hope you are keeping well and staying safe. This blog is about my recent experiences with SVG, HTML to PDF SSRF, and bypasses for…
Apr 11, 2022

Preetham Bomma in InfoSec Write-ups
Hacking AWS Cognito Misconfiguration to Zero Click Account Takeover
Hi all, hope you are keeping well and staying safe. This blog is about my recent Account Takeover finding.
Feb 14, 2022

Preetham Bomma in InfoSec Write-ups
A story about a not-so-direct SSRF
Hi all, hope you are keeping well and staying safe. This blog is about my recent SSRF finding.
Dec 12, 2021

Preetham Bomma in InfoSec Write-ups
Remote — HackTheBox Writeup OSCP Style
Remote was an easy difficulty Windows machine that featured Umbraco RCE and the famous TeamViewer’s CVE-2019-18988. Been thinking to…
Sep 5, 2020

Preetham Bomma in InfoSec Write-ups
ServMon — HackTheBox Writeup
Servmon is an easy difficulty Windows machine retiring this week. We’ll start off by finding anonymous FTP access, gaining SSH creds from…
Jun 22, 2020

Preetham Bomma in InfoSec Write-ups
OpenAdmin — HackTheBox Writeup
OpenAdmin is an easy machine retiring this week. We gain an initial foothold by exploiting OpenNetAdmin RCE and escalate to user jimmy…
May 2, 2020

Preetham Bomma in InfoSec Write-ups
Traverxec — HackTheBox Writeup
Traverxec is an easy difficulty machine retiring this week. We gain initial access by exploiting Nostromo Directory traversal / RCE…
Apr 11, 2020

Preetham Bomma in InfoSec Write-ups
Registry — HackTheBox Writeup
Registry retires this week, it’s one of my favorite boxes for its unique concepts. We gain an initial foothold by enumerating the docker…
Apr 4, 2020

Preetham Bomma in InfoSec Write-ups
Postman — HackTheBox Writeup
Postman is an easy difficulty machine, which features unauthenticated code execution on Redis, cracking encrypted SSH keys to gain user…
Mar 15, 2020

Preetham Bomma in InfoSec Write-ups
Jarvis — HackTheBox Writeup
Jarvis was a simple and fun box. I’ll start off by finding an SQLi in one of the webpages and get a basic shell using sqlmap and then…
Nov 9, 2019