TL;DR: HTTP redirect bypass (unintended 😁), PHP code execution through file upload to get a reverse shell. User with hardcoded SQL credentials on server, privesc with custom binary with no $PATH check.

As I am an idiot, I reinstalled my distribution without making a backup of my files 🙈 So I don’t have any screenshots or payloads I used for this box to show you.

Footholds

With a basic nmap scan we found only two open ports: 22 and 80.