Overview

The machine starts easy with admin panel discovery with default creds, the admin panel was vulnerable to SQL Injection attack which helped us to exfiltrate hashes from the database and by cracking one of those hashes we could get an SSH shell From here we can find files with a capability that helped us to get a hold of another user credentials After Enumeration we found an open port that hosts another vulnerable service, this service is running as root and we were able to get shell as a root

Enumeration

as usual gonna start with our nmap