Tag: Weak-Credentials | Yw4rf

2024-10-09

BreakMySSH - Exploiting OpenSSH CVE-2018-15473 for Root Access

Technical writeup detailing the compromise of the BreakMySSH challenge. Methodology covers Nmap scanning, exploiting the OpenSSH 7.7 Username Enumeration vulnerability (CVE-2018-15473) to identify a valid user, followed by a targeted password brute-force attack using Hydra to gain root access.

DockerLabs SSH Linux CVE-Exploitation Username-Enumeration Hydra Brute-Force Weak-Credentials
2024-09-03

Meow - Exploiting Weak Credentials via Telnet (Port 23)

Technical writeup detailing the compromise of the Meow machine. The methodology involves Nmap scanning to identify the exposed Telnet service on port 23 and exploiting weak, unauthenticated credentials (root access with no password) to gain immediate root control and retrieve the flag.

HackTheBox Telnet Weak-Credentials Port-23 Remote-Access Linux-Exploitation