Tag: Authentication-Bypass | Yw4rf

2025-03-03

Internship - Multi-Stage Exploitation via SQLi and Steganography

Technical writeup covering multi-stage compromise of the 'Internship' challenge. The methodology progresses from SQL Injection authentication bypass and user data extraction to a targeted SSH brute-force attack (Hydra). Privilege escalation involves script modification for horizontal movement, culminating in steganography analysis (Steghide) for final root access.

DockerLabs SQL-Injection Authentication-Bypass Hydra SSH-Brute-Force Privilege-Escalation Steganography Steghide Linux
2024-11-18

Appointment - Authentication Bypass via SQL Injection (SQLi)

Technical writeup detailing the compromise of the Appointment machine. The primary vulnerability is an Authentication Bypass via SQL Injection (SQLi) affecting the web application's login form. By injecting the payload 'admin'#' into the username field, the SQL query is manipulated to bypass the password check, allowing unauthenticated access as the admin user to retrieve the flag.

HackTheBox Very-Easy SQLi SQL-Injection Authentication-Bypass Auth-Bypass Web-Exploitation Apache PHP