Hello World

RaspberryPi device that ran PiHole, which had default credentials. Once foothold was obtained, root was a simple sudo -l.

Eventually landed upon finding SQLi on /room.php?cod=, so we dump databases with sqlmap. Foothold is a simple phpMyAdmin credential login, then a phpMyAdmin 4.8.0 exploit to gain a shell. Root was obtained from exploiting root.service.

Set up three vulnerable Windows machines and conducted a series of attacks against them using techniques like Kerberoasting, IPv6 Relay Attack, etc. Grasping these concepts was time intensive, but it ultimately increased my skills within Active Directory overall.

Enumeration brought me to the realization that we are working with Magento. Whenever you have Magento, magescan is your best course of action. Then, we exploit magento with RCE to come to an admin panel. Eventually, we get a shell from exploiting Magento's Admin Panel. Root was a simple privesc, with sudo -l.

One way to gain foothold was bruteforce on an admin account, or /department/login.php. Then, we get remote PHP code injection on phpLiteAdmin v1.9, which results in LFI to shell. For root, we use nmap to exploit knock / port knocking.