Skip to main content

One post tagged with "Authentication"

Authentication is the process of verifying the identity of an entity (e.g., user, device, or service) by checking their credentials against a set of predefined rules and criteria. This involves confirming that the entity possesses specific attributes or characteristics, such as username and password, public key, or biometric data, to ensure they are who they claim to be. Successful authentication grants access to resources, systems, or services, while failed authentication denies access and helps prevent unauthorized activity.

View All Tags

HTB | Base | Write-Up

· 14 min read

Summary:

We test connectivity, scan, and enumerate the target website. We discover a PHP type juggling vulnerability and exploit it to gain access to the admin file uploads directory. Using this access, we upload a web shell via the upload functionality. Enumerating the system with our new tool, we find clear text credentials that grant us user-level SSH access. We then escalate to root by exploiting sudo using find. Finally, we grab the root flag.

Machine Name: Base | Difficulty: Easy | OS: Linux