Command-Injection on João Vítor Moutinho Bonin

Command-Injection on João Vítor Moutinho Bonin https://joaobonin.com/tags/command-injection/ Recent content in Command-Injection on João Vítor Moutinho Bonin Hugo en Fri, 15 May 2026 00:00:00 -0300 HTB: Busqueda - OSCP Prep Write-up https://joaobonin.com/posts/htb-busqueda/ Fri, 15 May 2026 00:00:00 -0300 https://joaobonin.com/posts/htb-busqueda/ Write-up for HackTheBox machine Busqueda - version disclosure leads to a Searchor 2.4.0 command injection exploit for foothold, then a Linux kernel exploit (DirtyFrag) for root. HTB: CozyHosting - OSCP Prep Write-up https://joaobonin.com/posts/htb-cozyhosting/ Fri, 15 May 2026 00:00:00 -0300 https://joaobonin.com/posts/htb-cozyhosting/ Write-up for HackTheBox CozyHosting - leaking a Spring Boot session via an exposed actuator endpoint, bypassing whitespace filtering with ${IFS} for RCE, and escaping to root through a GTFOBins SSH ProxyCommand trick.