TL;DR Bypass PHP redirect to access restricted page, create low priv web account, get website backup. Audit code and find OS command injection + MySQL creds, get reverse shell and dump database, get password hash and crack it to SSH. Privesc via path injection. Footholds nmap gives us only ports 22 and 80. We first get this website: Nothing we can deal with here, no SQL injection :( For more info I used dirsearch to fuzz the web pages, and it found the following:
Welcome to my blog, I will post things about cybersecurity, development and Linux. For more info check my about page and my socials.