Overview

The machine starts by discovering open FTP port that enables anonymous authentication, leading to Jar file for one of the applications running on the target
By Decompiling the Application we find a directory that is vulnerable to XXE through XOP which helped us to read config files that leaks credentials for other service running on the target, that service is vulnerable to RCE through middleware After that Unsafe call for bash binary in an application that we can run with sudo, with the bash binary being writable we hijacked it to get a shell as a root

Enumeration