Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open services – finding ports 80 and 22 open. From the webserver, we find a vulnerable version of Drupal. Exploiting the vulnerability, we are able to get a shell on the machine as apache. From initial enumeration, […]
Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open services – finding ports 80, 135, 443, 445, 5985, 6379, and 7680 open. From a document on the SMB server, we learn you can apply updates to an application, and that the app is built with […]
Jump Ahead: Enum – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open ports – finding only 22 and 8080 open. From the webserver on port 8080, we exploit a Java deserialization vulnerability to get a reverse shell as tomcat. Looking around the machine, we find credentials for the […]