Wordpress

  • Published on
    Foothold obtained from finding something called Rocket Chat, and a bot called 'hubot' which allowed me to break out of its syntax and obtain foothold. For root, we went from dwight to root from CVE-2021-3560, which is 'polkit'. This was my first time exploiting it and my linpeas gave a weird output at first which didn't show the 'CVEs Check' from linpeas.
  • Published on
    Enumerating DNS leads to finding a vulnerable WordPress endpoint, where we exploit SMTP to gain root.