Tag: excessive-agency
All the articles with the tag "excessive-agency".
-
HTB Crocodile — The Credential Chain
HackTheBox Crocodile chains anonymous FTP credential disclosure into a hidden web admin login. The same structural failure shows up in agentic systems when leaked API keys legitimately authenticate into production tool-use endpoints.
-
HTB Sequel — Blank Root on MariaDB
HackTheBox Sequel exploits a MariaDB instance bound to the public interface with a blank-password root account. The same structural failure appears in agentic systems wired with admin-level API tokens that any caller can trigger.