Internal
A hard Linux box from TryHackMe, brute force a wordpress page for initial access, then pivot to a locally running Jenkins instance for root.
Relevant
A medium box from TryHackMe, grabbing creds from an anonymous smb share, then using them with EternalBlue for SYSTEM.
Relevant
A medium box from TryHackMe, grabbing creds from an anonymous smb share, then using them with EternalBlue for SYSTEM.
Relevant
A medium box from TryHackMe, grabbing creds from an anonymous smb share, then using them with EternalBlue for SYSTEM.
Daily Bugle
A hard Linux box from TryHackMe, use a SQLi in the particular joomla version to get access, finding a password to pivot, and then using GTFObins yum for root.