Skip to content

![[Dog.png]]

Summary

Walkthrough

  1. Nmap
  2. GoBuster
  3. robots.txt
  4. git-dumper
  5. see organization email
  6. find matching mail in dump
  7. find password in config
  8. login
  9. search version of backdrop cms for exploit
  10. see that modules can be exploited from admin page
  11. list /etc/passwd or reverse shell script
  12. explore a bit, notice no access
  13. try password spraying
  14. login as jonhcusack FLAG
  15. sudo -l
  16. see bee binary, notice it has to be run from wherever backdrop is
  17. run in /var/www/html with php-script command system("/bin/bash")
  18. ROOT