2 posts tagged with "Information Disclosure"

Information Disclosure refers to the unauthorized release or exposure of sensitive information about an individual, organization, or system. This can include personal data, confidential business details, intellectual property, or other proprietary information. Information Disclosure can occur through various means, such as website leaks, email errors, or social engineering attacks, and can compromise security, reputation, and trust.

View All Tags

HTB | Base | Write-Up

May 25, 2023 · 14 min read

Summary:

We test connectivity, scan, and enumerate the target website. We discover a PHP type juggling vulnerability and exploit it to gain access to the admin file uploads directory. Using this access, we upload a web shell via the upload functionality. Enumerating the system with our new tool, we find clear text credentials that grant us user-level SSH access. We then escalate to root by exploiting sudo using find. Finally, we grab the root flag.

Machine Name: Base | Difficulty: Easy | OS: Linux

HTB | Archetype | Write-Up

May 11, 2023 · 19 min read

Summary:

This article guides users through completing the Archetype machine challenge on Hack The Box. We exploit vulnerabilities on a Microsoft SQL Server by enumerating SMB shares, finding clear text credentials, and using Impacket to authenticate and gain an authorized connection. We then escalate privileges and download Netcat to establish a reverse shell, grab the user flag, and eventually use Impacket's psexec tool to gain admin access and retrieve the root flag before terminating the connection.

Machine Name: Archetype | Difficulty: Easy | OS: Windows

Summary:​

Summary:​

Summary:

Summary: