For those wondering about the seemingly random images with my recent blog posts: they're hints about the relevant host(s) in the PWK labs of Offensive Security. My fifth host was the always adorable Warner sister.
This was a fun one! My recon consisted of simultaneous Nmap and Nikto scans, both uncovering a few fun things. What caught my eye was the silly 404 image used on the main web server, so I turned to Nikto's results first. It had uncovered both a phpLiteAdmin and a Cuppa CMS install. Both offered interesting possibilities, respectively the uploading of code and the potential for LFI or RFI. Together, they offered me the opportunity to practice with PHP shellcode, followed by local privilege escalation. Fun and games!
All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Thomas Sluyter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.