Linux-Services
Found 5 related articles.
Back to Categories- 2024-11-21
Three - S3 Bucket Misconfiguration and Remote Code Execution via AWS CLI
Technical writeup detailing the compromise of the Three machine. The methodology involves identifying an exposed subdomain (s3.thetoppers.htb) pointing to an AWS S3 bucket. Exploitation is achieved by leveraging a misconfigured access policy via the AWS CLI to perform an arbitrary file upload of a PHP webshell. Remote Code Execution (RCE) is then established using the webshell, leading to full system access as the www-data user.
- 2024-11-19
Sequel - Exploiting Unauthenticated MariaDB Access (A07:2021)
Technical writeup detailing the compromise of the Sequel machine. The methodology focuses on Nmap scanning to identify the exposed MariaDB service (version 10.3) on port 3306. The system is exploited due to a critical Identification and Authentication Failure (OWASP A07:2021) allowing unauthenticated root login. The process concludes with database enumeration (SHOW DATABASES, USE htb, SELECT * FROM config) to retrieve the flag.
- 2024-10-15
Source - Webmin 1.890 RCE (CVE-2019-15107) Exploitation
Technical writeup detailing the immediate compromise of the Source machine by exploiting the Webmin service running on port 10000. The vulnerability leveraged is the unauthenticated Remote Code Execution (RCE) backdoor in Webmin versions 1.882 < 1.921 (CVE-2019-15107). Exploitation is achieved by running a public exploit to gain direct root access and establishing a reverse shell for full system control.
- 2024-09-05
Redeemer - Exploiting Unauthenticated Redis Access
Technical writeup detailing the compromise of the Redeemer machine. The methodology focuses on Nmap scanning to identify the exposed Redis service on port 6379, exploiting the lack of required authentication to connect directly using 'redis-cli', enumerating the key-value store with INFO and KEYS *, and retrieving the flag.
- 2024-09-04
Fawn - Exploiting Anonymous FTP Login
Technical writeup detailing the compromise of the Fawn machine. The methodology focuses on Nmap scanning to identify the exposed FTP service (vsftpd 3.0.3) on port 21, exploiting the 'Anonymous FTP Login Allowed' setting to gain unauthenticated access, and retrieving the flag via standard FTP file transfer protocols.