Mzeeav 🔸
Enumeration

The web server hosts a simple app that analyzes a file you upload.

Uploading a file.

Initial Access
feroxbuster finds a /backups folder with a zip of the project.



The upload check only inspects the first four bytes of the file, so we can prepend those bytes to a PHP reverse shell and it is accepted.



Privilege Escalation

We find a file in /opt with the SUID bit set that is identical to the find command, so look up find on GTFOBins.
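
From the defender's side, the finding above (a SUID file that is a renamed copy of a standard utility) can be audited for by hash. This is an added example, not part of the original write-up; the function name `suid_copy_audit` and the default reference directories are assumptions.

```shell
#!/bin/sh
# Added example (not from the original write-up): report SUID files that are
# byte-for-byte copies of a standard utility stored under another name.
# suid_copy_audit is a hypothetical helper name; the default reference
# directories are an assumption about where system utilities live.

# Usage: suid_copy_audit SCAN_DIR [REFERENCE_DIR...]   e.g. suid_copy_audit /opt
# Prints one line per finding: "<suid file> matches <reference file>"
suid_copy_audit() {
    scan_dir=$1
    shift
    [ "$#" -gt 0 ] || set -- /usr/bin /bin /usr/sbin /sbin
    index=$(mktemp) || return 1

    # Index the SHA-256 of every regular file directly inside the reference dirs.
    find "$@" -maxdepth 1 -type f -exec sha256sum {} + >"$index" 2>/dev/null || :

    # Hash each SUID file under the scan dir and look the digest up in the index.
    find "$scan_dir" -xdev -type f -perm -4000 -exec sha256sum {} + 2>/dev/null |
    while read -r hash path; do
        # sha256sum prints "<digest>  <path>". Skip the entry for the file itself
        # so a legitimate SUID binary inside a reference dir is not reported.
        ref=$(awk -v h="$hash" -v p="$path" '
            $1 == h { f = substr($0, length($1) + 3); if (f != p) { print f; exit } }
        ' "$index")
        if [ -n "$ref" ]; then
            printf '%s matches %s\n' "$path" "$ref"
        fi
    done
    rm -f "$index"
}
```

Any hit outside the package-managed paths deserves review, since a copied utility keeps its behaviour but escapes name-based SUID allow-lists.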

Post Exploitation
Get the flag.
