Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open ports using nmap – finding ports 22 and 80 open. While enumerating the webserver, we find a URL redirector. After registering an account, we get a JWT. After exploiting the JWT, we are able to forge […]
Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open ports using nmap – finding ports TCP:80 and UDP:623 open. Looking into UDP:623, we learn it allows for out-of-band system monitoring. Using this port, we are able to get hashed credentials for Zabbix, which is hosted […]
Jump Ahead: Enum – Foothold – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open ports using nmap – finding ports 22, 80, and 8000 open. From the web server, we find a git repo and download it. Looking through the downloaded source code, we find a command injection […]