A Full-Scale Penetration Test Walkthrough: From MSSQL Weak Passwords to Nacos N‑Day Exploits

This article documents a complete penetration test on a newly deployed environment, detailing how weak credentials, unauthenticated services, and misconfigurations in MSSQL, Nacos, Oracle, Telnet, OA, NC, Redis, Spring, and frontend assets were systematically discovered and exploited, with step‑by‑step screenshots illustrating each compromise.

Black & White Path

MSSQL Weak Password

A target IP exposed an MSSQL service; using the default weak credential admin:123456, the author gained immediate access, as shown in the screenshot.

MSSQL weak password

The service also allowed command execution without further difficulty.

Nacos N‑Day Vulnerability

The Nacos management system was vulnerable to an unauthenticated access flaw. By sending arbitrary credentials, the attacker received a token in the response and could log in directly.

Nacos unauthenticated access

Oracle Remote Code Execution

Configuration files revealed the Oracle database password. The database was exposed to the Internet, allowing direct connection and command execution.

Oracle credentials

Telnet Weak Passwords

Two gateway devices exposed port 23. Both accepted the default credential admin:123, granting immediate shell access.

Telnet weak password

OA System Weak Password

The Seeyon OA platform used a common weak credential audit-admin:seeyon123456, allowing direct entry to the admin console.

OA weak password

NCcloud No‑Password Access

The NCcloud management interface required no authentication; the author logged in directly and discovered additional file‑read and directory‑listing flaws.

NCcloud unauthenticated

Unknown System Weak Password

A service with no identifiable fingerprint was accessed simply by guessing a weak password, granting full control.

Unknown system weak password

Redis Unauthorized Access

The Redis instance allowed unauthenticated connections, exposing its data store.

Redis unauthenticated

Spring Framework Unauthenticated Endpoint

The Spring application exposed internal endpoints without authentication, leaking a heap dump that contained numerous internal database passwords (though only for internal networks).

Spring unauthenticated

Frontend Password Leakage

A JavaScript file served by a web application contained plaintext usernames and passwords, enabling direct login and revealing additional information.

Frontend password leak
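
A build-time check for the leak described above, as an added example (not from the original article): it scans JavaScript text for string literals assigned to credential-like keys and reports them with the value redacted. The key-name list, the placeholder heuristics and the sample bundle are assumptions constructed for illustration.

```python
import re

# Assumed key-name heuristics; extend for the naming used in your own code base.
SECRET_KEY = re.compile(r"(?i)passw(?:or)?d|pwd|secret|token|api[_-]?key")
# Matches  key: "literal"  or  key = 'literal'  (the key itself may be quoted).
ASSIGN = re.compile(
    r"""["']?(?P<key>[A-Za-z_$][\w$-]*)["']?\s*[:=]\s*"""
    r"""(?P<q>["'`])(?P<val>(?:(?!(?P=q)).)*)(?P=q)"""
)

def looks_like_placeholder(val):
    """UI labels, template variables and masks are not real secrets."""
    return (not val.strip() or " " in val
            or val.startswith(("${", "{{", "<"))
            or set(val) <= set("*x"))

def redact(val):
    """Keep the first character only, so the report does not re-leak the secret."""
    return val[0] + "*" * (len(val) - 1)

def find_hardcoded_credentials(js_text, filename="bundle.js"):
    """Return (file, line, key, redacted value) for each suspicious literal."""
    findings = []
    for lineno, line in enumerate(js_text.splitlines(), start=1):
        for m in ASSIGN.finditer(line):
            key, val = m.group("key"), m.group("val")
            if SECRET_KEY.search(key) and not looks_like_placeholder(val):
                findings.append((filename, lineno, key, redact(val)))
    return findings

# Constructed sample bundle: lines 1 and 5 hold literals, the rest must not fire.
SAMPLE_JS = '''const loginForm = { username: "admin", password: "Example#Pass1" };
var label = { password: "Enter password" };
axios.post("/api/login", { user: u, pwd: p });
const cfg = { apiKey: "${API_KEY}" };
let dbPwd = 'constructed-secret';
'''

if __name__ == "__main__":
    for f in find_hardcoded_credentials(SAMPLE_JS):
        print("%s:%d: literal assigned to %r (%s)" % f)
```

Run it over the built assets in CI and fail the build on any finding; a credential that reaches the browser has to be treated as public and rotated.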

Frontend Path Disclosure

The same frontend exposed a direct download URL for an .xls file containing all user information; visiting the URL downloaded the file instantly.

Frontend path leak

Dahua System Logic Flaw

The Dahua management portal allowed password reset by entering arbitrary values for the security question, effectively bypassing authentication.

Dahua logic flaw

Mini‑Program JSP File Upload

A mini‑program allowed arbitrary JSP file uploads. The attacker uploaded a JSP that executed a whoami command, confirming remote code execution.

Mini‑program file upload