2 posts tagged with "Authentication Bypass"

Authentication bypass is a type of attack where an attacker subverts or circumvents authentication mechanisms, such as passwords or tokens, to gain unauthorized access to a system or application. This can be achieved through vulnerabilities in the authentication process, weak password policies, or by exploiting other security weaknesses to assume a legitimate identity. As a result, attackers can access sensitive data, execute malicious code, or perform actions with elevated privileges without being detected.

View All Tags

HTB | Base | Write-Up

May 25, 2023 · 14 min read

Summary:

We test connectivity, scan, and enumerate the target website. We discover a PHP type juggling vulnerability and exploit it to gain access to the admin file uploads directory. Using this access, we upload a web shell via the upload functionality. Enumerating the system with our new tool, we find clear text credentials that grant us user-level SSH access. We then escalate to root by exploiting sudo using find. Finally, we grab the root flag.

Machine Name: Base | Difficulty: Easy | OS: Linux

HTB | Oopsie | Write-Up

May 11, 2023 · 16 min read

Summary:

This article guides users through completing the Oopsie machine challenge on Hack The Box. The steps outline a hacking scenario, from initial connection testing and scanning to exploiting vulnerabilities in a web application, including IDOR, cookie manipulation, and SUID exploitation, ultimately leading to gaining admin access and finally grabbing the root flag.

Machine Name: Oopsie | Difficulty: Easy | OS: Linux

Summary:​

Summary:​

Summary:

Summary: