Walla 🔸

Enumeration

Going to webserver 8091 we are greeted with user and pass login. Using feroxbuster we find package.json

If we follow github link, we can see defualt user and password in the installation guide

We can enter with these credentials

going to System we have a console

Get the flag

we can execute a python script wifi_reset.py

When executing the script, it can't find wificontroller module, so we can make one

Now if we execute it, /bin/bash will have suid bit

Get the flag