Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open ports – finding only 22 and 8080 open. From the webserver on port 8080, we exploit a Java deserialization vulnerability to get a reverse shell as tomcat. Looking around the machine, we find credentials for the […]
Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating exposed services – finding ports 22 and 80 open. While enumerating the webserver, we find a WordPress site accessible via a virtual host. From a post, we find information on hidden files, which allows us to discover […]
Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating exposed services – finding ports 22 and 80 open. Using source code analysis on the web server, we find a login page for CuteNews CMS, as well as its version. Exploiting a vulnerability in the avatar uploader, […]