Oracle Command Execution – From SYS to shell!
As it has come up a few times in my personal engagements, I figured it was time to do a writeup on Oracle command execution.
As it has come up a few times in my personal engagements, I figured it was time to do a writeup on Oracle command execution.
Exploiting init.d scripts based on security misconfigurations is a common, and generally easier to exploit, vector for privilege escalation. I’d like to cover an example of such an exploit this week, as well as an easy way to come across these.
Since I’m all settled back in the states, it was finally time for my new desktop assembly.
Continuing with the theme of improving my website and hosting, I transferred my domain to Google and setup a Let’s Encrypt certificate this past week.