Bypass PHP File Upload Filters on Apache

Apache is one of the most popular http server nowadays. It hosts a hundreds of thousands applications, most of them written in PHP. Today I will present you how to bypass PHP file upload filters using MIME-type configuration changes. This short directive, or, depends on service version, tells httpd to specify the Content-Type header for … Read more

Windows privilege escalation: Unquoted Service Path

🤓Title: Windows privilege escalation: Unquoted Service Path 🤓Vulnerability: privilege escalation 🤓Description: In Microsoft Windows when a service whose executable path contains spaces and isn’t enclosed within quotes, leads to a vulnerability known as Unquoted Service Path. The processthreadsapi.h creates a new process and its primary thread. The new process runs in the security context of the … Read more

Steganography for hackers. Part 1: Alternate Data Stream

Steganography is the practice of concealing information within another message or physical object to avoid detection. This is well known technique used for hiding data, including text, image, video, or audio content inside another content. That hidden data is then might be easy extracted at its destination. Under Windows OS, the NTFS file system has a … Read more