Summary Flow contains a MLFlow install with several different vulnerabilities one of which allows for local file inclusion. After gaining a user shell by viewing ssh keys you’ll find the user has sudo privileges for a single set of options for a powerful command. This command can be abused to obtain root in one of two ways. I happened to stumble upon an interesting Python related one that differs from the intended machine solution. Read more...

I registered “2600.moe” with Namecheap late in 2024 in order to test some google workspace functions for consulting work I was doing. I chose this by combining an object on my desk (an Issue of 2600: The Hacker Quarterly) and a silly top-level domain, dot moe. The dot moe TLD became available for registration halfway through 2014, almost at the exact moment I began to dig much deeper into computers and internet subcultures at large. Read more...