92
Awlex
7y

So, i tried to demonstrate my roommate how many people push their credentials to github by searching for "password remove" commits.

I decided to show him the file and noticed something interesting. A public IP, and mysql credentials.

I visit the IP and what do i see there, a directory listening with a python script, with injects the database into a webpage (???) and a log of all http requests. Lots of failed attacks aiming at the PHP CGI. Still wondering how they failed on a python server 🤔🤔🤔

Edit phpmyadmin to connect to the mysql database. Success.

Inserted a row telling him the his password is on github. Maybe i should also have told him how to actually remove it. 😅
Yes, root can login from %

This is how far i can get with my current abilities.
------------------------------

Scary how insecure this world is.

Comments
  • 7
    @FrodoSwaggins yes, unfortunately i did not have to lie about this.
  • 1
    Oh, I found one too
  • 1
    "Scary how insecure this world is."
  • 1
    Repeat after me: this is why you *have* to learn how to reset the head and do a force push.
Add Comment