Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open ports – finding only 22 and 8080 open. From the webserver on port 8080, we exploit a Java deserialization vulnerability to get a reverse shell as tomcat. Looking around the machine, we find credentials for the […]
Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating exposed services – finding ports 22 and 80 open. While enumerating the webserver, we find a WordPress site accessible via a virtual host. From a post, we find information on hidden files, which allows us to discover […]
Jump Ahead: Enum – User – Lateral Movement – Root – Resources TL;DR; To solve this machine, we begin by enumerating open services – finding ports 5000 and 22 open. Port 5000 is a webserver hosting several hacker tools. We are able to exploit a vulnerability in the the venom tool to get a reverse […]