Database-Enumeration
Found 2 related articles
- 2024-11-19
Sequel - Exploiting Unauthenticated MariaDB Access (A07:2021)
Technical writeup detailing the compromise of the Sequel machine. The methodology focuses on Nmap scanning to identify the exposed MariaDB service (version 10.3) on port 3306. The system is exploitable because of a critical Identification and Authentication Failure (OWASP A07:2021) that allows unauthenticated root login. The process concludes with database enumeration (SHOW DATABASES, USE htb, SELECT * FROM config) to retrieve the flag.
- 2024-09-05
Redeemer - Exploiting Unauthenticated Redis Access
Technical writeup detailing the compromise of the Redeemer machine. The methodology focuses on Nmap scanning to identify the exposed Redis service on port 6379, exploiting the lack of required authentication to connect directly using 'redis-cli', enumerating the key-value store with INFO and KEYS *, and retrieving the flag.