Pawan Chhabria
How I chained multiple bugs to maximize the impact (Default Credentials -> Reverse Connection->…
Hello All, In the previous blog post, we saw how basic recon on Shodan helped us in finding tomcat service which was running on port 8082…
Apr 1, 2023

Pawan Chhabria in InfoSec Write-ups
How I escalated default credentials to Remote Code Execution
Hello All, We all know Recon is very important to get P1 bugs. Shodan and Censys are probably the best search engines. I have been testing…
Mar 26, 2023

Pawan Chhabria
How I accessed the Sensitive document which I had already deleted
Hello All, this is my third writeup. I have already published two writeups which are How I was able to access a properly Configured S3…
Dec 4, 2021

Pawan Chhabria in InfoSec Write-ups
My First Pre-Auth Account Takeover in 20 secs
Hello All, this is my first account takeover writeup and I hope it helps everyone. Taking over another user’s account is something that…
Nov 23, 2021

Pawan Chhabria
How I was able to access a properly Configured S3 Bucket
Hello All
Oct 29, 2021