Pebbles 🔹

Enumeration

Web page is...

And a tomcat at port 8080.

With feroxbuster we found a zm folder that is a zoneminder 1.29.0.

Searching for vulnerabilities, we find...

There is a blind SQL vulnerability.

So we can put a PHP web shell.

And access port 3305.

Bug

Someone uploaded a reverse shell file and executed it but I can't get it to work.