Slort 🔸
Enumeration
Using feroxbuster, we discover a /site website.
Initial Access
The URL has an RFI vulnerability, so we can call a reverse shell.
Get the flag.
Privilege Escalation
There is a backup folder with TFTP.EXE inside and an info.txt that says that tftp will be executed every 5 minutes, and rupert can edit all. So generate a reverse shell and replace the binary, reboot the system, and wait 5 minutes.
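A defender-side check for the misconfiguration described above, added here as an example and not part of the original writeup: it parses icacls output for a binary run on a schedule and lists the non-administrative principals that can modify it. The file path, the SLORT host prefix, the ACL text and the trusted-principal list are constructed assumptions.

```python
import re

# Principals expected to hold write access to a scheduled binary (assumed allow-list).
TRUSTED = {"builtin\\administrators", "nt authority\\system",
           "nt service\\trustedinstaller"}
# icacls rights that allow replacing the file or changing its ACL/owner.
WRITE_RIGHTS = {"F", "M", "W", "GA", "GW", "WD", "AD", "WDAC", "WO"}
# Inheritance markers that precede the actual rights group.
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
ACE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^)]*\))+)$")

# Constructed sample: path and ACL text are illustrative, not taken from the target.
SAMPLE_PATH = r"C:\Backup\TFTP.EXE"
SAMPLE = r"""C:\Backup\TFTP.EXE BUILTIN\Administrators:(I)(F)
                   NT AUTHORITY\SYSTEM:(I)(F)
                   BUILTIN\Users:(I)(RX)
                   SLORT\rupert:(I)(M)
                   BUILTIN\Guests:(DENY)(W)

Successfully processed 1 files; Failed processing 0 files
"""


def risky_writers(path, icacls_output):
    """Return sorted (principal, rights) pairs for untrusted allow-ACEs that can modify path."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # the first line carries the path
        m = ACE.match(line)
        if not m:
            continue  # blank line or the icacls summary line
        groups = re.findall(r"\(([^)]*)\)", m["groups"])
        if "DENY" in groups:
            continue  # a deny entry grants nothing
        rights = {r for g in groups if g not in INHERIT_FLAGS for r in g.split(",")}
        hit = rights & WRITE_RIGHTS
        if hit and m["who"].lower() not in TRUSTED:
            findings.append((m["who"], sorted(hit)))
    return sorted(findings)


if __name__ == "__main__":
    for who, rights in risky_writers(SAMPLE_PATH, SAMPLE):
        print(f"{who} can modify {SAMPLE_PATH}: {','.join(rights)}")
```

The same function can be pointed at the icacls output of the containing folder, since write access there also allows the binary to be swapped.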
Post Exploitation
Get the flag.