Fired 🔸
Enumeration
At 9090 we have an openfire login screen. We search and found the exploit.
Initial Access
https://github.com/miko550/CVE-2023-32315
Execute the exploit, we have new user, login as the user and upload de jar, then go to server tab, server settings and management tool with 123 pass.
Get the flag
Privilege Escalation
Find all openfire related folders and search for passwords.
Post Exploitation
Get the flag
