Posts

Showing posts from May 24, 2026

Information disclosure in version control history

In this lab titled “Information Disclosure in Version Control History”, the objective was to identify and exploit sensitive data exposure caused by improper handling of version control artifacts, specifically an exposed .git directory on a web server. The engagement began with a reconnaissance phase, where I performed directory brute-forcing using dirsearch to enumerate hidden paths and commonly exposed files. During this enumeration, I discovered that the target was serving the .git directory over HTTP, which immediately indicated a high-risk misconfiguration. Exposed Git metadata often allows reconstruction of the entire source code repository, including commit history, branches, and previously deleted sensitive information. Following the discovery, the next phase focused on extracting the repository contents from the exposed .git directory. Instead of manually reconstructing the repository structure, I used an automated Git dumping utility sourced from GitHub designed spe...

Authentication Bypass via Information Disclosure

Introduction

In this lab, the objective was to gain access to an administrative interface protected by authentication controls. Through systematic enumeration and analysis of application behavior, I identified a trust issue involving client-controlled headers combined with information disclosure through an unexpected HTTP method. This write-up explains the methodology, findings, exploitation process, and root cause behind the vulnerability.

Initial Enumeration

The first step involved enumerating application endpoints and observing how the server responded to different requests. During testing, I discovered the following endpoint:

GET /admin

The server returned:

HTTP/1.1 401 Unauthorized

A 401 Unauthorized response indicated that the endpoint existed but required additional authorization rather than being inaccessible or nonexistent.

HTTP Method Testing

To understand whether the endpoint handled different HTTP methods differently, I tested multiple request methods against /admin. Most...

Information disclosure on debug page

This exercise was completed as part of a PortSwigger Web Security Academy lab focused on information disclosure through exposed debug endpoints. The goal of the lab was to identify hidden resources on the target application and retrieve a secret value exposed through a debug interface. The scenario simulates a real-world misconfiguration where development or debugging features are accidentally left enabled in a production environment. Such features often expose sensitive system information, including environment variables, configuration data, and internal application details that should never be publicly accessible.

Reconnaissance and Hidden Directory Discovery

The first step involved performing directory enumeration against the target application to identify hidden or unlinked paths. Since the vulnerable endpoint was not visible through normal navigation, content discovery techniques were required. During brute-force enumeration, the directory /cgi-bin was discovered. This direct...

Source code disclosure via backup files

This exercise was completed as part of a PortSwigger Web Security Academy lab focused on information disclosure vulnerabilities caused by exposed backup files. The purpose of the lab is to demonstrate how sensitive information can be unintentionally leaked through misconfigured web servers that expose development artifacts such as backup files and source code. The scenario simulates a real-world web application where hidden directories are accessible over the internet and contain files that were never intended to be publicly available. These types of issues are common in misconfigured deployments where backup files are left inside web roots or where directory listing protections are not properly enforced. The objective of the lab was to locate a backup file containing application source code, analyze it, and retrieve a hard-coded database password embedded within the code. This password would then be submitted to complete the lab.

Reconnaissance and Content Discovery

The first step in...

Information disclosure in error messages

In this lab, the objective was to identify sensitive information exposed through unhandled application errors. Using Burp Suite, HTTP requests were intercepted while browsing product pages. Each request contained a productId parameter, which was observed in the intercepted traffic within the proxy history. The request GET /product?productId=1 was selected for further testing and sent to Burp Repeater to allow controlled modification and analysis of the parameter behavior. In Burp Repeater, the productId parameter was modified from its expected integer value to a non-numeric format (1/2). This alteration was used to test how the backend handles unexpected input types. The application failed to process the request correctly and triggered an unhandled exception. Instead of returning a controlled error response, the server generated and returned a detailed stack trace in the HTTP response. The stack trace contained internal application information that is typically restricted in pro...