Date: 31, December, 2020
Author: Dhilip Sanjay S
- Security misconfigurations include:
- Poorly configured permission s on cloud services like S3 buckets
- Having unnecessary features enabled, like services, pages, accounts or privileges
- Default accounts with unchanged passwords
- Error messages that are overly detailed and allow an attacker to find out more about the system.
- Not using HTTP Security Headers or revealing too much detail in the Server: HTTP header.
- Some scenarios of Security Misconfiguration are:
- Not changing the Default credentials.
- Directory listing not disabled on the server.
- Sample applications not removed from the production server.
- Displaying detailed error messages (E.g: Stack Traces)
- Cloud service provider has default sharing permissions open to the Internet. This allows sensitive data to be accessed.
- Dyn (DNS provider) was taken down by DDos Attacks. The flood of traffic mostly came from IOT and networking devices like routers and modems infected by Mirai Malware
- Default passwords of exposed telnet services were used to log in into those devices.
- Answer: thm{4b9513968fd564a87b28aa1f9d672e17}
- Steps to Reproduce:
- Directory listing is not disabled in this server.
- No flags were found in the source code.
- May be there is a github repo or some other VCS.
- On googling
Pensive Notes github
, you will get the following result: PensiveNotes Github repo. - The default credentials are:
pensive:PensiveNotes
. - By logging in using the default credentials, you'll get the flag.