Lfi

  • Published on
    One way to gain foothold was bruteforce on an admin account, or /department/login.php. Then, we get remote PHP code injection on phpLiteAdmin v1.9, which results in LFI to shell. For root, we use nmap to exploit knock / port knocking.
  • Published on
    Exploited a WordPress plugin that exploited Directory Traversal, then enumerated ports with Burpsuite's Intruder functionality. Then we find RCE on a GDB server, which gives foothold. For root, it was a simple screen exploit.
  • Published on
    Funny box, met with a lot of memes which indicated I was getting closer or further from the objective, enumerating SMB & DNS, to then exploit LFI and privesc with python.