Fired 🔸
Enumeration
At port 9090, we have an Openfire login screen. We search and find the exploit.
Initial Access
https://github.com/miko550/CVE-2023-32315
Execute the exploit, create a new user, log in as the user, and upload the jar. Then go to the server tab, server settings, and management tool with password 123.
Get the flag.
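On the defender's side, the initial-access steps above show up in HTTP access logs for the admin console. The Python below is an added example, not part of the original write-up or the linked repository: it flags requests under /setup/ that carry an encoded `..` segment (the path traversal behind CVE-2023-32315) and a later plugin upload from the same source address. The combined log format, the sample lines and the `/plugin-admin.jsp` upload path are assumptions.

```python
import re
from urllib.parse import unquote

# Assumed NCSA common/combined format: ip - user [time] "METHOD path PROTO" ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*"')
U_ESC = re.compile(r'%u([0-9a-fA-F]{4})')  # non-standard %uXXXX escape

def normalize(path):
    """Drop the query string and decode %uXXXX and %XX escapes."""
    path = path.split('?', 1)[0]
    path = U_ESC.sub(lambda m: chr(int(m.group(1), 16)), path)
    return unquote(path)

def is_setup_traversal(path):
    """True for a request under /setup/ with a '..' segment after decoding."""
    decoded = normalize(path)
    return decoded.startswith('/setup/') and '..' in decoded.split('/')

def scan(lines):
    """Return (ip, finding, raw_path) tuples in log order."""
    findings, suspects = [], set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line
        ip, method, path = m.group('ip', 'method', 'path')
        if is_setup_traversal(path):
            suspects.add(ip)
            findings.append((ip, 'setup-traversal', path))
        # Assumption: plugins are uploaded by POST to /plugin-admin.jsp
        elif (method == 'POST' and ip in suspects
              and normalize(path) == '/plugin-admin.jsp'):
            findings.append((ip, 'plugin-upload-after-traversal', path))
    return findings

# Constructed sample lines (documentation IP ranges, hypothetical page name)
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /login.jsp HTTP/1.1" 200 4321',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /setup/setup-s/%u002e%u002e/%u002e%u002e/example.jsp HTTP/1.1" 200 1200',
    '203.0.113.7 - - [01/Jan/2024:10:02:00 +0000] "POST /plugin-admin.jsp?uploadplugin HTTP/1.1" 302 0',
    '198.51.100.4 - - [01/Jan/2024:10:03:00 +0000] "POST /plugin-admin.jsp?uploadplugin HTTP/1.1" 302 0',
    '198.51.100.4 - - [01/Jan/2024:10:04:00 +0000] "GET /setup/index.jsp HTTP/1.1" 200 900',
]

if __name__ == '__main__':
    for finding in scan(SAMPLE):
        print(finding)
```

A plugin upload from an address with no earlier traversal hit is not reported, so ordinary admin activity in the same log stays quiet.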
Privilege Escalation
Find all openfire related folders and search for passwords.
Post Exploitation
Get the flag.