Open in app

Sign in

Write

Sign in

Site hacking with information disclosure🤒

Al1z4deh:~# echo "Welcome"
3 min readApr 5, 2023

Hello everyone.

Today, while installing docker, we suddenly thought of creating a dork to see .env files that can be read in the world. It happened after that.

Attention: My purpose in sharing this post is to raise awareness of you and to protect your company from such deficits. Please do not use such information for real-life attacks.

The .env file can be used for simple container deployments and even complex full-stack deployments. Either way, it’s a much more secure way of using secrets for a deployment. Although nothing is perfect, using a hidden file (one that starts with a . in Linux is considered hidden) that keeps you from hard coding secrets into your manifests should not just be considered the smart way to go, it should be your default. And, yes, there are even more secure ways to handle secrets.

Ref:

What Is the Docker .env File and How Do You Use It?

Docker .env file holds all the sensitive passwords and configuration data so they don't have to be planted in the…

thenewstack.io

Dork:

Offensive Security's Exploit Database Archive

Google Dork: intitle:"index of /" "docker-compose.yml" ".env" # Files Containing Juicy Info # Date: 06/04/2023 #…

www.exploit-db.com

  • Step 1

When we look at the contents of the file, we reach sensitive information that can be used for mysql, smtp servers. I wanted to test that.

  • Step 2

Good luck at the entrance. I now had access to the company’s “no-reply” address.

I sent an email to myself from there and it was good when I tested it.

  • Step 4

I even went to mysql databases and cracked the admin’s hash. This time I was really lucky.

Report

Then, I sent information to the company’s blue and red team personnel with their “no-reply” addresses, together with their poc and references. Yes, I am enjoying it 😂

Friends, this is the movement that suits us. It is to report the deficiencies and weaknesses you find.

Bonus:

We can get a shell from mysql under suitable conditions. For this, we need to know the udf exploit.

MySQL User Defined Functions - RedTeam Nation

Running MySQL as root or any privileged user is an extremely dangerous practice. Using a default install of MySQL and…

redteamnation.com

Finally, I would like to state that my purpose in sharing this post is to give the correct permissions to files containing such sensitive information in your company or the company you will work for. Sometimes a company that uses very expensive tools and solutions will run into problems because of such vulnerabilities.

“Thank you for reading. I hope that will be useful. If you have any questions or comments, please do not hesitate to write. Have a good day”

Bug Bounty
Information Disclosure
Cybersecurity
Udf

--

--

Al1z4deh:~# echo "Welcome"

Written by Al1z4deh:~# echo "Welcome"

440 Followers

Al1z4deh:~# echo "eJPT, CEH, OSCP"

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams