Skip to content

Pebbles 🔹

Enumeration

Web page is

and a tomcat at :8080

with feroxbuster we found a zm folder that is a zoneminder 1.29.0

Searching for vulns we find

There is a blind sQL vuln

So we can put a php web shell

And access port 3305

Bug

Someone uploaded a reverse shell file and execute it but i can't get it to work.