Web Services
This is vulnerable to Direcotry traversal.
The only port of entry that I could see here is SSH so maybe we could either:
Grab SAM SYSTEM to get a secretsdump
We could also possibly grab those SSH Keys.
OK so update:
I am able to grab the flag which probably means that I have some sort of administrative access?
And if so
maybe ill just grab the sam system like i did with one of the lab machines in the pwk.
Last updated