Tag: Credential-Disclosure | Yw4rf

2024-11-20

Crocodile - FTP Anonymous Login and Credential Disclosure

Technical writeup detailing the compromise of the Crocodile machine. Initial access is achieved by exploiting the Anonymous FTP login vulnerability on the vsFTPd 3.0.3 service (21/tcp) to disclose files containing credentials (allowed.userlist and allowed.userlist.passwd). Web enumeration via Gobuster reveals a hidden '/login.php' endpoint. The disclosed 'admin' credentials are used to access the web panel and retrieve the flag, completing the box.

HackTheBox FTP FTP-Anonymous vsFTPd Credential-Disclosure Information-Disclosure Web-Enumeration Gobuster Linux-Exploitation
2024-10-20

Cap - PCAP Analysis, FTP Credential Disclosure, and cap_setuid Privilege Escalation

Technical writeup detailing the compromise of the Cap machine. Initial access is achieved by enumerating a web application that provides downloadable .PCAP network capture files. Tshark analysis of a specific PCAP file reveals FTP credentials in plaintext. These credentials are used to gain SSH access as the 'nathan' user. Privilege escalation to root is achieved by exploiting the 'cap_setuid' capability set on the /usr/bin/python3.8 binary, allowing arbitrary user ID change to 0 (root).

HackTheBox Tshark PCAP-Analysis FTP-Exploitation Credential-Disclosure cap_setuid Linux-Capabilities Privilege-Escalation Python-Exploitation