
HackTheBox - MetaTwo
Overview The machine begins with a web enumeration which led to the discovery of a vulnerable version of WordPress 5.6.2 and a vulnerable plugin, Booking Press 1.0.10. The plugin Booking Press 1.0...

Overview This machine begins w/ a web enumeration, /dev/.git is discovered, since .git is found, we are able to view the logs and commits of the git repository, providing us w/ the header needed to...

Overview This machine begins w/ a web enumeration, discovering bludit CMS running, it is vulnerable to a bruteforce protection bypass, directory traversal + image upload exec vulnerability. With ce...

Overview This machine begins w/ a web enumeration, discovering /search, where it is susceptible to a SSTI2RCE exploit due to insufficient input sanitization, allowing us to obtain a low-privilege/w...

Overview This machine begins w/ a web enumeration, discovering that TCP/3000 is running grafana, where it is susceptible to a directory traversal & arbitrary file read vulnerability. w/ this vu...

Overview This machine begins w/ web enumeration, viewing the page source of the index page reveals a JavaScript file photobomb.js containing credentials for /printer. /printer directory is a tool t...

Overview This machine begins w/ a web enumeration, discovering /admin-dir, containing credentials for FTP, FTP contains an archive of the web directory, revealing a directory utility-scripts that w...

Overview This machine begins w/ a web enumeration, discovering login.php, a login page that is susceptible to a SQLi Authentication bypass due to the lack of input sanitization. Next, we are redir...

Overview This machine begins w/ a web enumeration, discovering that OpenNetAdmin 1.18.1 is running, it is susceptible to an RCE exploit, allowing us to obtain a low-privilege/www-data user. For...

Overview This machine begins w/ a web enumeration, discovering that the webserver is running nostromo 1.9.6 which is susceptible to a directory traversal that leads to RCE vulnerability due to insu...