Jump Ahead: Enum – Initial Shell – User – Root TL;DR; To solve this machine, we begin by enumerating exposed services – finding ports 22 and 80 open. On the webserver, we find a login form vulnerable to SQLi that redirects us to an image uploader. We smuggle a reverse shell to the webserver, and […]
Jump Ahead: Enum – Initial Access – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open services – finding ports 22 and 80. Going to the website, we are told there is a backdoor installed on the webserver. Looking at the sourcecode, we find a comment, which leads us […]
Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine we enumerate open ports – finding many ports associated with Active Directory to be open. Going to the website, we find a list of names on the about.html page. Using GetNPUsers.py, we are able to guess the username schema, and get […]