Skip to content
Exploit Notes
FUEL CMS Pentesting
Initializing search
GitHub
Exploit Notes
GitHub
Introduction
Disclaimer
Privacy Policy
Exploit
Exploit
Archives
Archives
7z Password Cracking
Rar
Tar
Zip Password Cracking
Zip & Unzip
Audio
Audio
Spectrogram
SSTV (Slow-scan Television)
Backup
Backup
BorgBackup Pentesting
Blockchain
Blockchain
Ethereum
Ethereum
Interact with Ethereum using Foundry
Interact with Ethereum using Python
Smart contract
Smart contract
Smart Contract Attack Methodology
Contract Address Recovery
Delegatecall Attack
DoS Attack for Smart Contract
Reentrancy Attack
Self Destruct Attack
Solidity Assembly
Solidity Overflow & Underflow
Solidity Storage Values Analysis
Tx Origin Attack
Cloud
Cloud
AWS Pentesting
Azure Pentesting
GCP (Google Cloud Platform) Pentesting
Container
Container
Docker
Docker
Docker Pentesting
Docker Engine API Pentesting
Docker Escape
Docker Registry Pentesting
Moby Docker Engine Privilege Escalation
Kubernetes
Kubernetes
Kubernetes Pentesting
MicroK8s Pentesting
Cryptography
Cryptography
Cryptography Basic
PowerShell Credentials
Algorithm
Algorithm
AES-CBC Bit Flipping Attack
AES-CBC Padding Oracle Attack
AES-ECB Padding Attack
Ansible Vault Secret
Atbash Cipher
DES (Data Encryption Standard)
Diffie hellman key exchange
GPG (GNU Privacy Guard)
KDBX Files
Kerberos TGT Cracking
NTLM, NTLMv2
PGP (Pretty Good Privacy)
PKCS (Public-Key Cryptography Standards)
ROT13, ROT47
RPNG (Pseudo Random Number Generator) Guessing
RSA (Rivest Shamir Adleman)
SHA1 Hash Collision Attack
SHA1, SHA256, SHA512
Key derivation functions
Key derivation functions
Bcrypt
PBKDF2
Scrypt
Math
Math
Chinese Remainder Theorem
Exponentiation
GCD (Greatest Common Divisor)
Modular Congruence
Quadratic Residue
Tool
Tool
John the Ripper
Password Safe Pentesting
Database
Database
CouchDB Pentesting
InfluxDB Pentesting
MongoDB Pentesting
MSSQL (Microsoft SQL) Pentesting
MySQL Pentesting
Neo4j Pentesting
PostgreSQL Pentesting
Redis Pentesting
SQLite Pentesting
Dns
Dns
DNS (Domain Name Systems) Pentesting
mDNS (Multicast DNS) Pentesting
Email
Email
IMAP (Internet Message Access Protocol) Pentesting
POP (Post Office Protocol) Pentesting
Receive Email as Another Address
SMTP (Simple Mail Transfer Protocol) Pentesting
Game
Game
Chess Game Cheating
Minecraft Server Pentesting
WebAssembly Games Hacking
Hardware
Hardware
Firmware Analysis
Gerber (GBR) Files
MQTT Pentesting
NETGEAR Pentesting
SAL Logic Analysis
Linux
Linux
Fork Bomb
Ghidra Debug Mode RCE
X11 (X Window System) Pentesting
Post exploitation
Post exploitation
Backdoors in Linux
Cover Your Tracks in Linux
Pivoting in Linux
Privilege escalation
Privilege escalation
Linux Privilege Escalation
Ansible Playbook Privilege Escalation
Apache Conf Privilege Escalation
Bash eq Privilege Escalation
Buffer Overflow Privilege Escalation
Chrome Remote Debugger Privilege Escalation
Doas Privilege Escalation
Gnuplot Privilege Escalation
irb (Interactive Ruby Shell) Privilege Escalation
LXC/LXD (Linux Container/Daemon) Privilege Escalation
OpenSSL Privilege Escalation
Pip Download Code Execution
PolKit Privilege Escalation
Python Eval Code Execution
Python Jails Escape
Python Yaml Privilege Escalation
Python Privilege Escalation
Ruby Privilege Escalation
Rust Privilege Escalation
Shared Library Hijacking
SSSD Privilege Escalation
Tar Wildcard Injection PrivEsc
Update-Motd Privilege Escalation
Sudo
Sudo
Sudo Privilege Escalation
Sudo ClamAV Privilege Escalation
Sudo Curl Privilege Escalation
Sudo Dstat Privilege Escalation
Sudo Exiftool Privilege Escalation
Sudo Fail2ban-Client Privilege Escalation
Sudo Fail2ban Privilege Escalation
Sudo Git Privilege Escalation
Sudo Java Privilege Escalation
Sudo OpenVPN Privilege Escalation
Sudo Path Traversal Privilege Escalation
Sudo Reboot Privilege Escalation
Sudo Screen Privilege Escalation
Sudo Service Privilege Escalation
Sudo Privilege Escalation by Overriding Shared Library
Sudo Shutdown, Poweroff Privilege Escalation
Sudoedit Privilege Escalation
Sudo Systemctl Privilege Escalation
Sudo Tee Privilege Escalation
Sudo Umount Privilege Escalation
Sudo Vim Privilege Escalation
Sudo Wall Privilege Escalation
Sudo Wget Privilege Escalation
Machine learning
Machine learning
Jupyter Notebook Pentesting
Orange Data Mining
Read HDF5 (H5) File
Read PT File
Computer vision
Computer vision
Image Analysis for Machine Learning
Image Manipulation for Machine Learning
Image Recognition Bypass for Machine Learning
Data processing
Data processing
Cluster Analysis for Machine Learning
Data Manipulation for Machine Learning
Data Visualization for Machine Learning
Dimensionality Reduction for Machine Learning
Model
Model
Create Malicious ML Model
Model analysis
Pickle Code Injection
Mobile
Mobile
Android
Android
Android Pentesting
Connect to Android Device from PC using SSH
Network
Network
Networking
Apache Hadoop Pentesting
ARP (Address Resolution Protocol) Spoofing
EthernetIP Pentesting
FastCGI Pentesting
Firewall
gRPC Pentesting
ReDoS (Regular Expression Denial of Service)
Rsync Pentesting
Port forwarding
Port forwarding
Port Forwarding using Chisel
Port Forwarding using Plink
Port Forwarding using Socat
Port Forwarding with SSH
Protocol
Protocol
AMQP (Advanced Message Queuing Protocol)
DHCP (Dynamic Host Configuration Protocol) Pentesting
FTP (File Transfer Protocol) Pentesting
IRC (Internet Relay Chat) Pentesting
Memcache Pentesting
Modbus Pentesting
NFS (Network File System) Pentesting
NTP (Network Time Protocol) Pentesting
PPTP Pentesting
Restricted Shell (rbash, rzsh) Bypass
RTSP (Real Time Streaming Protocol) Pentesting
SNMP (Simple Network Management Protocol) Pentesting
SSH (Secure Shell) Pentesting
Telnet Pentesting
TFTP (Trivial File Transfer Protocol) Pentesting
UPnP (Universal Plug and Play) Pentesting
VNC (Virtual Network Computing) Pentesting
WASTE Pentesting
Shell
Shell
Upgrade to Fully Interactive TTY
Reverse Shell Cheat Sheet
Reverse Shell using Metasploit
Reverse Shell using Pwncat
Web Reverse Shell
Tool
Tool
Convert PuTTY Key to OpenSSH Key
Decrypt SolarPuTTY Sessions Files
Tshark Cheat Sheet
Wireshark Cheat Sheet
Vpn
Vpn
IPsec VPN Pentesting
OpenVPN Troubleshooting
Wifi
Wifi
WiFi Hacking
WiFi Password Recovery
Printer
Printer
IPP (Internet Printing Protocol) Pentesting
Raw Printing Pentesting
Privacy
Privacy
Tor
Tor
Anonymize Traffic with Tor
Reconnaissance
Reconnaissance
Reconnaissance
Find Leaked API Keys
Port Scan
Email
Email
Email Analysis
Osint
Osint
OSINT (Open Source Intelligence)
GitHub Dorks
Google Dorks
IMINT (Image Intelligence) and GEOINT (Geospatial Intelligence)
Subdomain
Subdomain
Subdomain Discovery
Subdomain Takeover
Steganography
Steganography
Steganography
Image File Reparing
Morse OCR
Version control
Version control
Git
Git
Git GitHub Pentesting
Gitea Pentesting
Gogs Pentesting
Virtual machine
Virtual machine
VM (Virtual Machine) Escape
Web
Web
Web Basic Pentesting
Apache ActiveMQ Pentesting
Apache Tomcat Pentesting
Apache Zeppelin Pentesting
API Pentesting
Atlassian Confluence Pentesting
Blind XXE
Bookmarklet Attack
Broken Access Control
Broken Link Hijacking
Business Logic Attack
Cacti Pentesting
Captcha Bypass with OCR
CGI Pentesting
Client/Server Side Filter Bypass
Client-Side JavaScript Validation Bypass
ClipBucket Pentesting
Code Deobfuscation
Codiad Pentesting
Cookie Hijacking
CORS (Cross-Origin Resource Sharing) Attack
CSRF (Cross-Site Request Forgery)
Directory (Path) Traversal
DOM Cloberring
Dompdf RCE
Dump Git Repository from Website
ERB SSTI
File Inclusion (LFI/RFI)
File Upload Attack on Exiftool
File Upload Attack on ImageMagick
File Upload Attack
GhostScript Pentesting
Go SSTI
Grafana Pentesting
GraphQL Pentesting
HashiCorp Consul Pentesting
Host Header Attack
HTML Smuggling
HTTP Header Injection
HTTP Rate Limit Bypass
Icinga Web Pentesting
IDOR (Insecure Direct Object References) Attack
Insecure Deserialization
JBOSS Pentesting
Jenkins Pentesting
JSON.NET Deserialization
JWT (Json Web Token) Pentesting
LaTeX Injection
LimeSurvey Pentesting
LLM Chatbot Pentesting
Log4j Pentesting
Microsoft Exchange Server Pentesting
Node.js Deserialization Attack
NoSQL Injection
OAuth Attack
Open Redirect
OpenCATS Pentesting
OS Command Injection
PHP Filters Chain
PHP hash_hmac Bypass
PHP Object Injection
PHP RCE Cheat Sheet
PHP Srand Time Abusing
Prototype Pollution in Client-Side
Prototype Pollution in Server-Side
Redis SSRF
HTTP Request Smuggling
Restaurant Management System (RMS) Pentesting
Session Fixation
SQL Injection Cheat Sheet
SQL Injection with Sqlmap
SQL Injection
SSRF (Server-Side Request Forgery)
SSTI (Server-Side Template Injection)
TeamCity Pentesting
Tiny File Manager
Virtual Hosts (VHOSTS) Enumeration
WAF (Web Application Firewall) Detection
Web Cache Deception
Web Cache Poisoning
Web Content Discovery
Web Login Bypass
Web Race Condition Attack
Web Registration (Signup) Attack
Web Server Security Misconfiguration
WebAnno Pentesting
WebDAV Pentesting
Webmin Pentesting
WebSocket Pentesting
wkhtmltopdf SSRF
XSS with Dynamic PDF
XSS (Cross-Site Scripting)
XST (Cross-Site Tracing)
XXE (XML External Entity)
Browser
Browser
Extract Web Browser Passwords
FireFox Credentials Dumping
Cms
Cms
CMS (Content Management System) Pentesting
Bolt CMS Pentesting
Cockpit CMS Pentesting
Concrete CMS Pentesting
FUEL CMS Pentesting
FUEL CMS Pentesting
Table of contents
Default Credential
Joomla CMS Pentesting
Mara CMS Pentesting
Subrion CMS Pentesting
TYPO3 Pentesting
WordPress Pentesting
Elasticsearch
Elasticsearch
Elasticsearch Pentesting
Kibana Pentesting
Framework
Framework
AJP (Apache JServ Protocol) Pentesting
Angular Pentesting
Apache Struts Pentesting
Blazor Pentesting
Django Pentesting
Flask Jinja2 Pentesting
Python Pickle RCE
Ruby on Rails Pentesting
Spring Cloud Function RCE
Spring Pentesting
Tornado Pentesting
Werkzeug Pentesting
Template engine
Template engine
JsRender Template Injection
Pug Pentesting
Tool
Tool
Add Custom HTTP Headers in Burp Suite
Automate Sequence Requests with Burp Intruder
Burp Suite Troubleshooting
SOCKS Proxy in Burp Suite
Turbo Intruder in Burp Suite
Windows
Windows
Malicious PDF
Windows Print Spooler Service
WSL Pentesting
Active directory
Active directory
Active Directory Pentesting
AD CS (Active Directory Certificate Services) Pentesting
AS-REP Roasting
Constrained Delegation Attack
DACL (Discretionary Access Control List) Attack
Kerberoasting Attack
Kerberos Pentesting
LAPS (Local Administrator Password Solution) Pentesting
LDAP Injection
LDAP (Lightweight Directory Access Protocol) Pentesting
Netlogon Elevasion
RBCD (Resource-Based Constrained Delegation) Attack
Shadow Credentials
SMB (Server Message Block) Pentesting
Forensics
Forensics
Windows Forensics
OneDrive Logs
Privilege escalation
Privilege escalation
Windows Privilege Escalation
Windows PrivEsc with AD CS
DLL Hijacking
Dumping Credentials via keymgr.dll
Dumping Credentials from Windows Vault
Dumping Windows Password Hashes
Iperius Backup Service Privilege Escalation
Kerberos
LocalPotato
Login Windows Shell
ManageEngine ADSelfService Plus PrivEsc
Outlook Reminder Privilege Escalation
Registry Keys
RemotePotato
Windows PrivEsc by Abusing SeBackupPrivilege
SPN-Jacking
Switch User on Windows
UAC Bypass
Windows PrivEsc with Unquoted Service Path
Protocol
Protocol
MSRPC (Microsoft Remote Procedure Call) Pentesting
RDP (Remote Desktop Protocol) Pentesting
WinRM (Windows Remote Management) Pentesting
Table of contents
Default Credential
FUEL CMS Pentesting
FUEL is a content management system (CMS).
Default Credential
admin:admin
Back to top