Jump Ahead: Enum – User – Root – Special Thanks – Resources TL;DR; To solve this machine, we begin by enumerating open services. Doing so, we learn that the machine exposes a lot of ports – mostly associated with an Active Directory server, as well as a web server. Going to the web server redirects […]
Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating exposed services – finding ports 22 and 80 open. While enumerating the web server, we discover a set of credentials, and a new server vHost. Going to the discovered vHost, we are taken to an OpenEmr platform […]
Jump Ahead: Enum – Initial Shell – User – Root TL;DR; To solve this machine, we begin by enumerating exposed services – finding ports 22 and 80 open. On the webserver, we find a login form vulnerable to SQLi that redirects us to an image uploader. We smuggle a reverse shell to the webserver, and […]