This is your playbook for exploiting exposed infrastructure services that should never face the internet but often do. It walks through unauthenticated Redis (write SSH keys, cron jobs, or webshells), Rsync data exfiltration, PHP-FPM FastCGI RCE, Ghostcat AJP file reads, Hadoop YARN job submission for shells, and H2 Console JNDI injection. Each section gives you detection commands, exploitation steps with actual tooling, and the hardening config that would have stopped you. The port matrix alone is worth having loaded when you're triaging nmap output. These are infrastructure wins, not web app bugs, so you're often root or equivalent once you land the exploit.
npx skills add https://github.com/yaklang/hack-skills --skill unauthorized-access-common-services