Linux

Directory fuzzing surfaces a hidden admin.php that default credentials unlock; demonstrates why wordlist-based discovery precedes credential guessing.…

MongoDB 3.6.8 without bind authentication exposes a sensitive_information database; the real lesson is why auth-on-by-default matters.…

Unauthenticated Redis on port 6379 leaks a flag key directly; includes a bonus RCE path via rogue-server module load for the curious.…

Anonymous FTP on vsftpd 3.0.3 — the misconfiguration is intentional, the lesson is recognising anonymous bind and scripting retrieval.…

Anonymous FTP yields a ZIP cracked with john. The PHP login is SQL-injectable. pg_dump in a sudo rule lets vi escape to root — classic sudo abuse.…

Log4Shell in UniFi Network Application 6.4.54 — JNDI in the remember field hands over shell as root. MongoDB's default no-auth exposes admin password hash, cracked in seconds.…

Telnet with empty root password, and the RFC-854 quirk that explains why netcat falls silent where telnetlib succeeds.…