**crowd42** @crowd42 · 2018-06-29T12:48:24Z

crowd42 @crowd42

That moment when your conducting a pentest, gain access to a development server but not the production one and then you try ssh user@serverIP and it works... #infosec

Jun 29, 2018, 12:48 · Web · 3 · 4

**Tinker** @tinker · Jun 29, 2018, 13:20

**Tinker** @tinker · Jun 29, 2018, 13:20

@crowd42 - Ugh... 😂

**crowd42** @crowd42 · Jun 29, 2018, 13:37

**crowd42** @crowd42 · Jun 29, 2018, 13:37

@tinker it gets even better /o\ checked the .bash_history file on the prod file -> mysql -u root -h IP -p
Remote connection to the mysql server is enabled and uess what's the pwd? "toor"!

I swear its the truth /o\

**Tinker** @tinker · Jun 29, 2018, 14:20

**Tinker** @tinker · Jun 29, 2018, 14:20

@crowd42 - FUUUUUU....

Hurts. Great find! But shit... 😝

**Henry Edward Hardy** @hhardy01@mastodon.social · Jun 29, 2018, 17:35

**Henry Edward Hardy** @hhardy01@mastodon.social · Jun 29, 2018, 17:35

@crowd42 @tinker

oy vey!