// Mimida II //
Markers and ink / Marcadores y tinta
50 cm x 70 cm / 19.6 in x 27.5 in
(2022)

RoguePlanet Windows Exploit Grants SYSTEM Access via Defender Race Condition
A Windows Defender race condition exploit dubbed RoguePlanet allows attackers to escalate privileges to SYSTEM on Windows 10 and 11 systems using malicious VHD(X) files over SMB. The proof-of-concept demonstrates reliable local privilege escalation and potential remote code execution paths under certain conditions.
Source: SecurityWeek | GitHub MSNightmare
Read more: CyberSecBrief
Oh yeah I did a few cards for Civil Draft for Real Civil Engineer and you should check it out!! This project was a lot of fun to work on >:D
do not try this at home, the stunt above is performed by professional dumbass.
(and equally dumbass bestfriend who encouraged it)
Reita and Uruha
Repeated Countless Error

1 year ago today I publicly released my first album. The Time Is Now. (02-20-2020)
A project I completed entirely on my own. 100% independent. No musicians, no producers, no engineers, no professional studio.
I wrote every line. I recorded every sound. I composed every measure. I mixed every beat. I mastered all of the feelings. — I designed my own artwork. I planned my own photo shoots. I edited my own photographs. — I did the legal research. I built my own website. I created my own promotion. I spent my own money.
This project took almost 4 years to complete from start to finish, while balancing life, school, and my first 3 jobs. At one point, I realized, almost nobody does all of this on their own. It is ok to ask for help. And so:
Dad, thank you for believing in me, thank you for working with me on ideas, compositions, arrangements, and sounds.
Mom, thank you for buying the first copy sold and streaming my music endlessly. Thank you for all of the love and support.
Brother, D, thank you for not giving up on me. For pushing me. For supporting me. For lending your ear, your voice, your pen, your ideas and your opinions.
My other brother, Joey C, thank you for your support. Thanks for lending me a place to record some of my earliest tracks for this project. Thanks for sitting “in the studio” with me on those cold nights bringing through the space heater and vibin.
MVG. Thank you so much. Your tireless support and motivation truly pushed me through the final stages of this project. Thank you for all the late nights researching and designing. Thank you for never saying “it’s good enough” thus pushing me to do better than even I thought I could. Thank you for listening, sharing, and promoting me and my music any chance you had.
Slime, whenever I needed you, you have always been there, for anything. Thank you for your support. Thanks for believing in my music and thank you for working so hard on helping me bring my audio landscape as close to the dreams-in-my-head as we possibly could.
Ella, thank you for all that you’ve done. From recording vocals whenever I asked to listening to my songs as soon as they were complete. Thank you for supporting me and being there, if I ever needed it.
Mike, whenever I needed inspiration, you were there to help, supplying instrumentals and sounds. One in particular found me at the perfect time. Thank you for sharing BlankIt which became Rise & Shine. Thanks for the car ride when you listened to the early instrumentals and songs to help me figure out what work remained to be done.
Alenie, thank you for being there any time that I called on you. Thank you for the ideas, suggestions, opinion, time, and effort you spent on creating designs and answering my questions.
Those who gave me a chance: Thank you to every single person that has listened to even just one of my songs. I humbly thank you for the opportunity.
Now that I got this first project out of the way, I’ve been working on some fun stuff and I can’t wait to share it all with you!
Forever Love,
Dave (the Dreamer)
Available Everywhere | Website | Instagram | Tumblr
Spotify | Apple Music | Tidal | YouTube Music
© Copyright 2020 includes sound recordings, lyrics, music and all visuals.
The fact that Uruha ISN'T aware his hagure metal smile can improve my day a lot better is pissing me off.
Uruha - Repeated Countless Errors / Swallowtail on the Death Valley
HTB - DevOops
DevOops is allegedly more difficult than OSCP but good practice; I actually found it quite easy. Probably because the vulnerabilities to exploit are pointed out.
An nmap scan reveals Gunicorn to be listening on port 5000- this is already a hint at the second attack required for the user flag as this was the same type of server I had to target for root access to Symfonos 4. Basic directory brute force further reveals the presence of three files- upload, the root of the server (index.html) and feed.
Index hints that the server uses Python at the back-end: apparently the root is feed.py while feed simply loads a png image and upload reveals a simple upload file form with reference to XML elements.
With so little to explore, it was quickly obvious that the upload form is probably vulnerable to some form of attack. I started by uploading txt and png files to observe the results- the page is simply reloaded.
This is when I thought to try uploading an XML file to the server- particularly with the hint towards what XML elements to use. 10 minutes research later and I’d put together a simple test.xml file.
I didn’t immediately jump to trying the above file: I firstly confirmed this was a vulnerability by trying to view /etc/passwd which was returned in the content element upon upload of the file.
After this, I spent half an hour or so seeing if RCE was possible through external entity attack; while it could have been if PHP was in use, it isn’t obviously so in the case of Python. This is when I remembered feed.py.
Feed.py revealed the insecure use of pickle on user supplied POST data to /newpost. After facing similar with JSON pickles in the past, I was aware that RCE was possible through this vulnerability and began working towards a reverse shell.
I learned here that things should always be tested locally first before testing them remotely: I was fiddling around with the reverse shell for an hour or two and constantly receiving error 500s. When I tried it locally and it worked, I knew it was likely that there was something else wrong with my payload.
After 10-20 minutes, I discovered that adding the Content-Type header and setting it to text/html resulted in successful delivery of the payload (I confirmed this with a simple ping at first.)
Now I just needed to get a working payload- netcat was on the victim but a nc reverse shell resulted in immediate disconnection meaning the process was being terminated for some reason on their end. After some trial and error, I uncovered the following working payload:
I created this script from a few I found on Google. The pickle vulnerability arises from the manner in which pickle deserializes data (translating a byte stream to an object in the case of Python, an object being a list or dictionary etc.)
Objects with pickle are serialized using dumps or dump while they are deserialized using load/loads.
To achieve RCE through pickle, however, we must use the __reduce__ function: it requires a callable object and an optional tuple of arguments for the called object, thus providing this to the Pickle process will execute the mentioned callable object along with the provided arguments.
The above reverse shell succeeded and I had a foothold on the system as Roosa. I could have probably read the user flag back in the external entity attack; I thought I’d save it for when I had achieved RCE.
The root flag is very easy- simple enumeration of Roosa’s home directory reveals a GitHub project called ‘blogfeed’ and the presence of an RSA private key used for the project’s integration. I had my suspicions this key may be relevant and thus saved it for further use later.
Further basic enumeration (specifically of .bash_history) shows us that Roosa screwed up at one point and accidentally submitted a relevant private key to the GitHub project. Although not an expert, I use GitHub myself and thus am aware that previous commits can be viewed.
Some research showed that it is possible to view patches (I simply refer to it as changes but hey ho) to a GitHub repo via the git log -p command. Executing this reveals the original key submitted to the repo.
From here I discovered that an RSA private key can be used in place of a password for SSH access... Perhaps we have root’s private key here? I tried this with ssh -i old-key [email protected] and sure enough we have root access.
I enjoyed this machine but I don’t feel it should be of medium difficulty- it actually took me longer on the user flag.
Also reminded myself of the importance of trying exploit payloads locally first if doable to discover the source of an error when delivering the exploit remotely.
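On the defensive side of the pickle issue described in the write-up, here is an added example (not code from the post or from the box's feed.py, which the page does not show) of how a service can inspect and refuse pickles that reference callables. The names `risky_opcodes`, `DataOnlyUnpickler`, `safe_loads` and the sample data are hypothetical, and the "suspect" sample is constructed with a harmless callable (`len`).

```python
import io
import pickle
import pickletools

# Opcodes that import a global or invoke a callable during unpickling.
RISKY_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                 "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def risky_opcodes(data: bytes) -> list:
    """Statically list risky opcodes in a pickle stream without loading it."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in RISKY_OPCODES]


class DataOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup, so only plain data loads."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_loads(data: bytes):
    """Deserialize primitives and containers only; raise on any global."""
    return DataOnlyUnpickler(io.BytesIO(data)).load()


class Constructed:
    """Constructed sample: __reduce__ names a harmless callable (len)."""

    def __reduce__(self):
        return (len, ("constructed",))


# Constructed inputs: plain data versus an object that relies on __reduce__.
BENIGN = pickle.dumps({"title": "post", "tags": ["a", "b"]})
SUSPECT = pickle.dumps(Constructed())

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, risky_opcodes(blob))
        try:
            print("  loaded:", safe_loads(blob))
        except pickle.UnpicklingError as exc:
            print("  rejected:", exc)
```

For request bodies that only carry data, parsing JSON instead of unpickling removes the callable lookup entirely; the restricted unpickler is for cases where the pickle format cannot be dropped.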