Pawan Chhabria
How I chained multiple bugs to maximize the impact (Default Credentials -> Reverse Connection->…
Hello All, In the previous blog post, we saw how basic recon on Shodan helped us in finding tomcat service which was running on port 8082…
4 min read · Apr 1, 2023

Pawan Chhabria in InfoSec Write-ups
How I escalated default credentials to Remote Code Execution
Hello All, We all know Recon is very important to get P1 bugs. Shodan and Censys are probably the best search engines. I have been testing…
3 min read · Mar 26, 2023

Pawan Chhabria
How I accessed the Sensitive document which I had already deleted
Hello All, this is my third writeup. I have already published two writeups which are How I was able to access a properly Configured S3…
4 min read · Dec 4, 2021

Pawan Chhabria in InfoSec Write-ups
My First Pre-Auth Account Takeover in 20 secs
Hello All, this is my first account takeover writeup and I hope it helps everyone. Taking over another user’s account is something that…
3 min read · Nov 23, 2021

Pawan Chhabria
How I was able to access a properly Configured S3 Bucket
Hello All
3 min read · Oct 29, 2021