- Published on
Enumeration brought me to the realization that we are working with Magento. Whenever you have Magento, magescan is your best course of action. Then, we exploit magento with RCE to come to an admin panel. Eventually, we get a shell from exploiting Magento's Admin Panel. Root was a simple privesc, with sudo -l.