Myles Nieman
← All writeups

Hash Cracking

2 writeups

Data

Easy

An unauthenticated Grafana path-traversal (CVE-2021-43798) exposes the SQLite database, leaking PBKDF2 password hashes that crack to yield SSH access; …

Linux

WingData

Easy

Wing FTP Server 7.4.3 exposes an unauthenticated RCE endpoint; cracking the salted password hashes from its XML config yields SSH access as a system …

Linux