Unauthenticated-Access

Found 3 related articles

  • 2024-11-19

    Sequel - Exploiting Unauthenticated MariaDB Access (A07:2021)


    Technical writeup detailing the compromise of the Sequel machine. The methodology focuses on Nmap scanning to identify the exposed MariaDB service (version 10.3) on port 3306. The system is exploitable because of a critical Identification and Authentication Failure (OWASP A07:2021) that allows unauthenticated root login. The process concludes with database enumeration (SHOW DATABASES, USE htb, SELECT * FROM config) to retrieve the flag.

    HackTheBox MariaDB MySQL Port-3306 Unauthenticated-Access OWASP-A07 Database-Enumeration Linux-Exploitation
  • 2024-09-05

    Dancing - Exploiting Unauthenticated SMB Shares


    Technical writeup detailing the initial compromise of the Dancing machine. The methodology focuses on thorough Nmap scanning to identify exposed SMB services (ports 139, 445), leveraging the 'smbclient' tool to enumerate and gain unauthorized access to publicly accessible network shares (WorkShares), and retrieving sensitive data (flags/notes) due to weak share permissions.

    HackTheBox Windows-Exploitation SMB-Vulnerability Port-445 Unauthenticated-Access smbclient Enumeration
  • 2024-09-05

    Redeemer - Exploiting Unauthenticated Redis Access


    Technical writeup detailing the compromise of the Redeemer machine. The methodology focuses on Nmap scanning to identify the exposed Redis service on port 6379, exploiting the lack of required authentication to connect directly using 'redis-cli', enumerating the key-value store with INFO and KEYS *, and retrieving the flag.

    HackTheBox Redis Port-6379 Unauthenticated-Access NoAuth-Redis redis-cli Database-Enumeration