Hi, I'm epi.

These are my notes

About

My name is epi. This site is a long-overdue braindump so I can quickly reference things I often have to look up again or dig through code/notes etc to find. If any of these posts help you at all, that’s great! Please feel free to use/share anything you come across here.

Projects

Metasploit - Linux x64 Command Shell, Bind TCP Inline (IPv6)

Metasploit - Linux x64 Command Shell, Reverse TCP Inline (IPv6)

Recursive Gobuster

Weaponizing CVE-2018-15473

X64 Linux Shellcode Add Root User

Securitytube Linux Assembly Expert Coursework

Latest Post

Sep 28, 2019

HTB{ Swagshop }

Swagshop’s maker (and htb founder/CEO), ch4p, created a delightful box. It originally had at least three ways to gain RCE, though two got patched. I reached out to ch4p, and he was kind enough to explain. The patch was in response to the amount of failed shell uploads to the Magento Connect interface hosted at the /downloader endpoint. In most cases, failed attempts resulted in everyone else receiving a 503 Service Unavailable error. Read more

All Posts

Contact

If you have anything you’d like to ask or discuss, don’t hesitate to get in touch.

Twitter DMs are always open.

My current local time is .