Kevin 🔹

Enumeration

The web server at 80 welcomes us with a login form. Trying admin:admin hits the jack.

This is a HP Power Manager 4.2 (Build 7)

Initial Access

Use this exploit https://github.com/Muhammd/HP-Power-Manager/blob/master/hpm_exploit.py

Execute it with the machine ip

Post Exploitation

Get the flag