Medjed 🔸

Enumeration

Port 33033 has a simple page with a login form

A Barracuda service is listening on port 8000

Set the account

Initial Access

Using cadaver, we can connect over WebDAV with the account and upload a PHP reverse shell to xampp\htdocs

Get the flag

Privilege Escalation

WinPEAS found jerren's password

We can write to the executable of an autorun application, so we replace it with a shell and restart.
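A defender-side audit for the misconfiguration above, added here as an example and not part of the original write-up: it lists autorun executables (and their folders) that non-administrative groups can modify. It assumes English group names and checks only the machine-wide Run keys; `Get-WritableAce` is a helper name introduced for this example.

```powershell
# Added example: find autorun executables writable by low-privileged principals.
# Assumptions: machine-wide Run keys only; English principal names.
# Services, scheduled tasks and Startup folders need the same ACL review.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$lowPriv = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
           'NT AUTHORITY\INTERACTIVE'
# WriteData/AddFile 0x2, AppendData 0x4, WriteDac 0x40000, WriteOwner 0x80000,
# GENERIC_ALL 0x10000000, GENERIC_WRITE 0x40000000
$writeBits = 0x2 -bor 0x4 -bor 0x40000 -bor 0x80000 -bor 0x10000000 -bor 0x40000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Hypothetical helper: Allow ACEs on $Path that grant write-type rights
# to one of the low-privileged principals and apply to the object itself.
function Get-WritableAce([string]$Path) {
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $lowPriv -contains $_.IdentityReference.Value -and
        -not ($_.PropagationFlags -band $inheritOnly) -and
        ([int]$_.FileSystemRights -band $writeBits)
    }
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name))
        # Quoted path first, otherwise everything up to the first ".exe".
        if ($cmd -match '^\s*"([^"]+)"' -or $cmd -match '^\s*(.+?\.exe)\b') {
            $exe = $Matches[1]
        } else { continue }
        if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) { continue }
        # A writable parent folder is reported too, since the file can be swapped there.
        foreach ($target in $exe, (Split-Path -Parent $exe)) {
            foreach ($ace in Get-WritableAce $target) {
                [pscustomobject]@{
                    Autorun  = $name
                    Target   = $target
                    Identity = $ace.IdentityReference.Value
                    Rights   = $ace.FileSystemRights
                }
            }
        }
    }
}
$findings | Format-Table -AutoSize
```

Any row in the output is a finding: remove the write-type ACE so only Administrators, SYSTEM and TrustedInstaller can modify the binary and its folder.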

Post Exploitation