popalltheshells

May 29

4 min read

DOMAIN ADMIN Compromise in 3 HOURS

Hi everyone; I hope you enjoyed my previous blog post on “How I obtained Admin access in 30 seconds” — so today I am bringing you another CRITICAL finding I discovered recently; which sheds some lights on the importance of changing default credentials and password reuse.

— THREE HOURS OF ENUMERATION and EXPLOITATION —

First we all love some enumeration. With a simple nmap scan on the target(s), I identified one interesting application server called Sun GlassFish Enterprise Server. After some investigation and research, I found out that this…

--

More from popalltheshells

Hacking for profit and knowledge.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Mehmet Cavus

COLLECTING USER-DATA: What is the limit?

Lora Shelly

{UPDATE} LegendSmith Hack Free Resources Generator

Lexine Mel

{UPDATE} Rich Wars Hack Free Resources Generator

KYVE Team

in

KYVE

Announcing KYVE’s third protocol update

Awontis

How to Stop User Registration Spam

BANGWANG LIU

Data security: you are becoming a “moving data source”!

LAKSHMINARAYANAN P

Bug Bounty Hunting

Katharine Fraustomek

POSSIBILITIES OF THE S-WALLET MOBILE APP

About Help Terms Privacy

Get the Medium app

popalltheshells

popalltheshells

Hacking for profit and knowledge.

More from Medium

Vaibhav Atkale

Weird Email Verification Bypass

Ratnadip Gajbhiye

How to find & access Admin Panel by digging into JS files…🥰

Ittipatjitrada

How I found SSRF external interaction on Bugcrowd Public program in 5 min

Mahendra Purbia (Mah3Sec_)

in

InfoSec Write-ups

How an Open Redirection Leads to an Account Takeover?

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Knowable