Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open ports using nmap – finding ports 22 and 80 open. While enumerating the webserver, we find a URL redirector. After registering an account, we get a JWT. After exploiting the JWT, we are able to forge […]
Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open ports using nmap – finding ports 22, 80, and 1337 open. From port 80, we learn that WordPress is installed. Exploiting an LFI vulnerability in a plugin, we are able to enumerate the service running on […]
Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open ports using nmap – finding ports TCP:80 and UDP:623 open. Looking into UDP:623, we learn it allows for out-of-band system monitoring. Using this port, we are able to get hashed credentials for Zabbix, which is hosted […]