Slort 🔸

Enumeration

Using feroxbuster we discover a /site website

Initial Access

The url has a rfi vulnerability so we can call a reverse shell

Get the flag

Privilege Escalation

There is a backup folder with TFTP.EXE inside and an info.txt that says that tftp will be executed every 5 minutes, and rupert can edit all so generate a reverse shell and replace the binary, reboot the system and wait 5 minutes.

Post Exploitation

Get the flag