Member-only story
I Tried Breaking Into My Own Linux Server — Here’s What I Learned About Real-World Security
--
Share
Intro:
They say the best way to secure your server… is to try hacking it. So I did. I set up a fresh Linux box, installed a simple Nginx site, and tried every trick I could think of to break in. Here’s what worked, what didn’t, and the defenses I’ll never skip again.
1. My Test Setup
- OS: Ubuntu Server 22.04
- Services: SSH, Nginx
- Public IP via DigitalOcean
- No initial firewall — just raw exposure
2. What I Tried (As the Attacker)
- Port scanning with nmap
- Checking open services with ss -tuln
- Brute-force SSH using hydra (against intentionally weak creds)
- Directory busting with gobuster on the Nginx web root
- Injecting payloads via GET requests
3. What Actually Worked (Yikes)
- SSH login with default password (because I forgot to change it 🙈)
- Sensitive file exposed in /var/www/html/test_config.txt
- No brute force protection = unlimited SSH tries
