Jump Ahead: Enum – Initial Access – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating exposed services – finding ports 135, 8080, 29817, 29820, 5985, and 29819 open. None of these provided a clear path forward, so we did some research around “windows iot vulnerability” and found an exploit […]
Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by scanning for open services – finding ports 8080 and 7680 open. After exploiting an unauthenticated remote code execution vulnerability on the webserver, we have access the the machine as the shaun user – getting user.txt. While enumerating running […]
Jump Ahead: Enum – Initial Shell – User – Root – Resources TL;DR; To solve this machine, we began by enumerating services – finding 3 ports open. On the news page of the website, we find an LFI vulnerability. Exploiting the vulnerability, we are able to extract a set of credentials for the Tomcat webserver. […]