Diya Neupane

Protesters have a right to peacefully protest and express their frustration and outrage against corruption and the government’s restriction on the right to freedom of expression including the social media ban in Nepal. Amnesty calls for the immediate de-escalation of the situation and urges the government to adopt a rights-respecting approach in the policing of protests.

The LSPP 60 Days of Learning challenge came ends here. Though it was difficult to keep going some days, I kept pushing and learnt discipline and consistency. My confidence is now boosted and my passion elevated. Glad to have participated! @lftechnology #60DaysOfLearning2025

#LSPPDay60 Learnt using Wireshark through a challenge in THM today. It involved FTP login with reused credentials, Capturing credentials in PCAP files in Wireshark and file transfer through Python HTTP Server for privilege escalation. @lftechnology #60DaysOfLearning2025

#LSPPDay59 Learnt using pivoted reverse shell through another THM challenge today. It involved using FTP anonymous login along with hydra to get user credentials and using a pyhton script to explot Codiad RCE and gain reverse shell. @lftechnology #60DaysOfLearning2025

#LSPPDay58 Solved another THM challenge today. It involved using SQL injection to bypass login, Linpeas enumeration to detect exploitable cronjobs and using it to gain reverse shell. Used doas and GTFO bins to get root access. @lftechnology #60DaysOfLearning2025

#LSPPDay57 Learnt the use of Socat to discover user's certificates and keys through another THM challenge today. Established a TLS socket connection to gain access, and used CrackStation to decode base64-encoded hashes to retrieve passwords. @lftechnology #60DaysOfLearning2025

#LSPPDay56 Just learnt how prompt injection can be used to reveal unprotected transmissions through an easy demonstration on THM. @lftechnology #60DaysOfLearning2025

#LSPPDay55 Wrapping up the privilege escalation course by learning the use of automation scripts and how they work today. Used linpeas.sh to look for basic info to internal system info and interesting files in the target machine. @lftechnology #60DayOfLearning2025

#LSPPDay54 Learnt the use of LinEnum , Ffuf for discovering vulnerabilities on target machine using another THM challenge today. Utilized php file upload vulnerability to gain reverse shell and mysql vulnerability to discover the flags. @lftechnology #60DaysOfLearning2025

#LSPPDay53 Solved another THM challenge today. Found that the system allowed python scripts injection. So, used that info to gain a shell , and wrote programs to enumerate admin username and password(using fuzz) finally getting the flags. @lftechnology #LearningWithLeapfrog2025

@prabeshguragai @pantshaswat @sxynix_anish @g_shashinoor @AnishSubed21333 @sidartchy DSP chhutyo last ko category ma

Yesso kta haru sanga tiermaker.com/create/compute… #TierMaker @pantshaswat @sxynix_anish @g_shashinoor @AnishSubed21333 @sidartchy

#LSPPDay52 Today, I learnt about Kernel Exploits. Used Linux Exploit Suggestor 2 to look for exploits and found a popular Dirty Cow exploit, compiled it using gcc and ran it in target machine. @lftechnology #60DaysOfLearning2025 #learningwithleapfrog

#LSPPDay51 Solved another THM challenge today! I analyzed the server using AES-CBC encryption and found it leaked encrypted user input.I used a bit-flip attack on the ciphertext and created admin credentials to retrieve the flag. @lftechnology #60DaysOfLearning2025

#LSPPDay50 Solved a THM challenge today. It involved continuously creating payloads and using three exploits on a windows machine simultaneously. Also learnt to create a background session and use exploit suggestor in metaspoilt. @lftechnology #60DaysOfLearning2025

#LSPPDay49 Today, learned the use of history files , config files and SSH keys hashes to gain user passwords in target machine. It involved getting access of a target machine and enumerating /history , /config , /.sh directories. @lftechnology #60DaysOfLearning2025

#LSPPDay48 Today, I learnt how one can use NFS to access the target machine as a root using disabled root_squash option. Used msfvenom to create an exploit and ran it in target machine easily using this misconfiguration. @lftechnology #60DaysOfLearning2025

#LSPPDay47 Learnt about how we can use misconfigured SUID/SGID for Linux privilege escalation and the difference between them today. Learnt the use of shell escaping, path variable injection and shared object overtake simultaneously. @lftechnology #60DaysOfLearning2025

#LSPPDay46 Learnt about Cron Job exploitation today. Learned how to detect CronJob files using crontab, ls -la command, and pspy, followed by their exploitation using overwriting the path variable and using wildcards. @lftechnology #60DaysOfLearning2025 #learningwithleapfrog

#LSPPDay45 Today , I learned how we can use Sudo misconfigurations for privilege escalation. Used Shell escaping , Intended functionality , GTFO bins and Misconfigured Environment variables to gain root access. @lftechnology #60DaysOfLearning2025 #learningwithleapfrog

Found this GOLD playlist today! Check it out if you too struggle with privilege escalation in Linux. Link : youtube.com/playlist?list=…