Nukem 🔸
Enumeration

On webserver port 80 there is a WordPress blog.

Another WordPress on port 13000.

We scan WordPress with wpscan and we have...

Initial Access
Following the link, we get the script. We have to edit it and remove the password part from the payload section.


Now we have a web shell. Using Python, we create a reverse shell.


Get the flag.
Privilege Escalation
Listing the SUID programs, we find dosbox, which we look up in GTFOBins.

We can write to root-owned files.
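
A defender's view of the finding above, as an added example that is not part of the original writeup: a shell audit that reports SUID files missing from an approved baseline, which is how an unexpected SUID dosbox would be caught. The function name, baseline format and sample tree are assumptions constructed for the example.

```shell
#!/bin/sh
# Defensive audit: report SUID files that are not on an approved baseline.
# audit_suid, the baseline format and the demo tree are assumptions made
# for this example; they do not come from the writeup.

# audit_suid ROOT BASELINE
#   ROOT      directory tree to scan
#   BASELINE  file with one approved absolute path per line
# Prints every SUID regular file under ROOT that is missing from BASELINE.
audit_suid() {
    root=$1
    baseline=$2
    # -xdev stays on one filesystem; -perm -4000 matches the setuid bit.
    find "$root" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r path; do
        # -x whole-line match, -F fixed string, -q no output
        if ! grep -qxF -- "$path" "$baseline"; then
            printf '%s\n' "$path"
        fi
    done
}

# Constructed demo: a throwaway tree with three SUID files, of which only
# passwd and sudo are approved, so dosbox is the one reported.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/usr/bin"
    for name in passwd sudo dosbox ls; do
        : > "$tmp/usr/bin/$name"
        chmod 755 "$tmp/usr/bin/$name"
    done
    chmod u+s "$tmp/usr/bin/passwd" "$tmp/usr/bin/sudo" "$tmp/usr/bin/dosbox"
    printf '%s\n' "$tmp/usr/bin/passwd" "$tmp/usr/bin/sudo" > "$tmp/baseline"
    audit_suid "$tmp" "$tmp/baseline"
    rm -rf "$tmp"
}

demo
```

On a real host, run `audit_suid / /path/to/baseline` as root and remove the setuid bit from anything reported that has no reason to carry it.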

Post Exploitation
Get the flag.
