Payday 🔸
Enumeration

The web page is...

Initial Access
We can log in with admin:admin.
Using feroxbuster, we discover /admin, and logging in with admin:admin gets us inside.

Go to the template editor and upload a PHP reverse shell with a .phtml extension, as seen in...

Once uploaded, browse to http://[victim]/skins/shell.phtml after setting up the reverse shell.
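
A defender's view of the step above, as an added example that is not part of the original write-up: a scan of web server access logs for requests to PHP-handled files under /skins/, a directory that should only serve static assets. The Apache combined log format, the extension list and the sample lines are assumptions constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Extensions commonly mapped to the PHP interpreter (assumed list; align it
# with the server's real handler configuration).
SCRIPT_EXTS = {".php", ".phtml", ".pht", ".phar", ".php3", ".php4", ".php5", ".php7"}
# Directory that should only serve static skin assets (path from the write-up).
STATIC_DIRS = ("/skins/",)

# Apache combined log format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def script_hits(lines):
    """Return (host, time, path, status) for script requests under STATIC_DIRS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop the query string, percent-decode, collapse duplicate slashes and
        # dot segments so equivalent spellings of a path compare equal.
        raw = unquote(m["target"].split("?", 1)[0])
        path = normpath(re.sub(r"/+", "/", raw))
        lower = path.lower()
        if not lower.startswith(STATIC_DIRS):
            continue
        # Compare every dotted suffix of the file name, case-insensitively,
        # because handler directives can match a non-final extension.
        name = lower.rsplit("/", 1)[-1]
        if {"." + part for part in name.split(".")[1:]} & SCRIPT_EXTS:
            hits.append((m["host"], m["time"], path, int(m["status"])))
    return hits

# Constructed sample lines (documentation IP ranges, not from a real server).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /skins/default/style.css HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "GET /skins/shell.phtml HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.4 - - [10/Oct/2023:13:57:10 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.9 - - [10/Oct/2023:13:58:44 +0000] "GET /skins/theme/stats.PHTML?x=1 HTTP/1.1" 404 196 "-" "-"',
]

if __name__ == "__main__":
    for host, when, path, status in script_hits(SAMPLE):
        print(f"{when} {host} requested {path} -> HTTP {status}")
```

A hit answered with HTTP 200 means the file exists and was served or executed, so those entries are the ones to triage first.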

Privilege Escalation
Get local.txt.

Enumerating users, we see patrick, and we test patrick with the password patrick.

And patrick has all privileges.


Post Exploitation
Get the flag.
