Tag: Information-Disclosure | Yw4rf

2024-11-20

Crocodile - FTP Anonymous Login and Credential Disclosure

Technical writeup detailing the compromise of the Crocodile machine. Initial access is achieved by exploiting the Anonymous FTP login vulnerability on the vsFTPd 3.0.3 service (21/tcp) to disclose files containing credentials (allowed.userlist and allowed.userlist.passwd). Web enumeration via Gobuster reveals a hidden '/login.php' endpoint. The disclosed 'admin' credentials are used to access the web panel and retrieve the flag, completing the box.

HackTheBox FTP FTP-Anonymous vsFTPd Credential-Disclosure Information-Disclosure Web-Enumeration Gobuster Linux-Exploitation
2024-10-20

TwoMillion - API Enumeration, Information Disclosure, and Kernel Privilege Escalation (CVE-2023-0386)

Technical writeup detailing the compromise of the TwoMillion machine. Initial access involves decoding ROT13-encrypted data from JavaScript to find an API endpoint, followed by manipulating API parameters to gain administrator privileges via Insecure Direct Object Reference (IDOR), leading to a reverse shell injection. Local Privilege Escalation is achieved by disclosing plaintext credentials from a '.env' file for SSH access, and finally, exploiting the unpatched Linux Kernel vulnerability, CVE-2023-0386 (OverlayFS/FUSE), to gain root privileges.

HackTheBox API-Exploitation Information-Disclosure BurpSuite ROT13 LFI ENV-File-Disclosure CVE-Exploitation Kernel-Privesc OverlayFS Linux-Exploitation