Medjed 🔸

Enumeration

Port 33033 has a simple page with a login form.

A Barracuda service is running on port 8000.

Set up the account.

Initial Access

Using cadaver, we can connect over WebDAV with the account and upload a PHP reverse shell to xampp\htdocs.

Get the flag.

Privilege Escalation

winPEAS found jerren's password.

We have write access to the executable of an autorun app, so replace it with a shell and restart.
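
A defensive check for the misconfiguration used above, added here as an example (not part of the original write-up): it parses captured `icacls` output for autorun executables and reports those a low-privileged principal can replace. The paths, the sample ACLs and the `LOW_PRIV` list are constructed assumptions.

```python
import re

# Principals treated as low-privileged (assumption; extend for your environment).
LOW_PRIV = {"Everyone", r"BUILTIN\Users", r"NT AUTHORITY\INTERACTIVE",
            r"NT AUTHORITY\Authenticated Users"}
# icacls rights that allow replacing the file or taking over its ACL/owner.
REPLACE_RIGHTS = {"F", "M", "W", "GA", "GW", "WD", "AD", "WDAC", "WO"}
ACE = re.compile(r"(?P<who>[^:]+):(?P<flags>(?:\([A-Z,]+\))+)")

def risky_aces(path, icacls_output, low_priv=LOW_PRIV):
    """Return (principal, rights) pairs that let a low-privileged principal replace path."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):  # first line is prefixed with the path
            line = line[len(path):].strip()
        m = ACE.fullmatch(line)
        if not m or m["who"] not in low_priv:
            continue  # not an ACE line (blank, summary) or a trusted principal
        groups = re.findall(r"\(([A-Z,]+)\)", m["flags"])
        if "DENY" in groups:
            continue  # a deny entry grants nothing
        rights = {r for g in groups for r in g.split(",")} & REPLACE_RIGHTS
        if rights:
            findings.append((m["who"], sorted(rights)))
    return findings

def audit(autoruns):
    """autoruns maps executable path -> captured icacls output; returns risky entries only."""
    report = {path: risky_aces(path, out) for path, out in autoruns.items()}
    return {path: hits for path, hits in report.items() if hits}

# Constructed sample input: two hypothetical autorun executables and their ACLs.
SAMPLE = {
    r"C:\ExampleApp\agent.exe": r"""
C:\ExampleApp\agent.exe BUILTIN\Administrators:(I)(F)
                        NT AUTHORITY\SYSTEM:(I)(F)
                        BUILTIN\Users:(I)(RX)
                        NT AUTHORITY\Authenticated Users:(I)(M)

Successfully processed 1 files; Failed processing 0 files
""",
    r"C:\Program Files\Vendor\updater.exe": r"""
C:\Program Files\Vendor\updater.exe NT AUTHORITY\SYSTEM:(I)(F)
                                    BUILTIN\Administrators:(I)(F)
                                    BUILTIN\Users:(I)(RX)
""",
}

if __name__ == "__main__":
    for path, hits in audit(SAMPLE).items():
        print(f"{path}: replaceable by {hits}")
```

Any path this reports should have its ACL tightened so that only administrators and SYSTEM hold write or modify rights.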

Post Exploitation