Recent Posts

Understanding Kerberoasting from Start to Finish

Kerberoasting is an attack technique first discovered almost a decade ago, yet it still remains prevalent as a valid technique for password cracking and pass-the-hash attacks, enabling privilege escalation and lateral movement within an Active Directory environment. Due to the popularity of the attack, countless tools have already been created to scan for and abuse Kerberoasting easily. Having seen and used this attack many times before, I wanted to take the time to go in-depth and explain how it works!

CVE-2025-29927

CVE-2025-29927 is a vulnerability in the middleware component of the popular JavaScript framework Next.js, affecting a broad spectrum of versions from Next.js v11.x all the way up to v15.x. What is exceptionally fascinating about this vulnerability in particular is the ease of execution, the length of time it was left undetected, and the devastating implications of its potential exploitation, with the capability to entirely bypass authentication mechanisms and view content that would otherwise be restricted.

BusyBox - An Overlooked Tool For Netcat Reverse Shells

Whether it be in a real engagement or a CTF-style box, when a hacker acquires remote code execution on a machine, the first thing we want to do is retrieve a reverse shell quickly and efficiently. One of the methods that I first learned was using netcat with the infamous -e flag to execute a binary after making a successful connection. However, most modern Linux systems come with the OpenBSD version of netcat, which lacks the crucial -e flag.

CVE-2024-53677

CVE-2024-53677 is a file upload vulnerability caused by the parameter binding logic in the FileUploadInterceptor interceptor class of Apache Struts (Struts2). An attacker can manipulate file upload parameters to enable path traversal, which under certain circumstances can lead to uploading a malicious file that can be used for RCE. The flaw lies in the Struts 2 file upload mechanism: manipulating the file upload parameters leads to unauthorized file placement and potentially remote code execution.