Shenzi 🔸

Enumeration

Port 80 shows a xampp page.

We can enumerate smb and get some interesting files.

We need the wordpress path, trying shenzi.

We can log in with credentials, then edit the 404 theme page and put a PHP reverse shell, go to a wrong page and...

Get the flag.

Transfer winpeas and discover "always install elevated" misconfiguration.

Make a reverse shell and transfer it to the host.

Then execute it.

Get the flag.