morhelper.blogg.se - Red vs blue

Documents in the webserver give direct reference to a hidden directory with sensitive data. User names should not be published anywhere, especially not a webserver.Ĥ.

Users should not be using their own names as usernames.

Even just one name can lead to a system breach.

Attackers can use this information in bruteforce attacks.

Documents with usernames in plain text are available to the public in the webserverĬWE-312: Cleartext Storage of Sensitive InformationĬWE-256: Unprotected Storage of Credentials

This can allow attackers to enter malicious code and gain access or launch attacks.ģ.

Nmap revealed a possible vulnerability to SQL injection to the directories in the webserver. Sanitise input to avoid malicious SQL statements.Ģ.

Disable the ability to view directories in the browser, and disable access/password protect all directories to avoid path traversal.

These directories may also be vulnerable to path traversal in which users can navigate across to sensitive regions of the system. They can use this information and access to launch attacks and upload malicious content.

Attackers can gather a lot of information from open directories.

Webserver directories are open to the public and navigable in a browser.ĬWE-548: Exposure of Information Through Directory Listing The file was easily exfiltrated back to the attacker machine. The next flag was located in the root directory.

Python -c 'import pty pty.spawn("/bin/bash")'