Difficulty: Medium
Machine Creator: ch4p
Tools Used: NMAP WPScan Steghide John
Task: To find User.txt and Root.txt
Network Enumeration
Let’s start with a quick NMAP scan to discover open ports and services.








If we change the number, we get a different job application. Let’s see what all of the titles say. We can do this with a simple bash script.
for i in $(seq 1 20); do echo -n “$i: “; curl -s http://10.10.10.10/index.php/jobs/apply/$i/ | grep ‘<h1 class=”entry-title”>’; done

We need to make a few changes to our script.
for year in range(2017,2018): for i in range(1,13): for extension in {‘php’,’html’,’pdf’,’png’,’gif’,’jpg’,’jpeg’}:









Privilege escalation
Now that we user access we need to elevate our permissions to root. Let’s start with getting system information.






fdsaaffdsaf