Shuciran Pentesting Notes

Hintbaker (Intermediate)

Host entries 10.10.10.103 sizzle.htb.local sizzle.htb htb.local Content Default Credentials Abusing WebsiteBaker CMS feature to execute PHP through an installed module Arbitrary Command I...

Fruityloops (Intermediate)

Host entries 10.0.160.239 fruityloops.echocity-f.com Content Open Web Analytics 1.7.3 - Remote Code Execution Source Code Review Prototype Pollution vulnerability affecting @apphp/obje...

Flatscape (Intermediate)

Host entries 10.0.160.225 Content Default credentials Flatpress 1.2.1 - File upload bypass to RCE Arbitrary file read and write during snapshot recovery in qdrant/qdrant Reconnaissance ...

Flatliner (Intermediate)

Host entries 10.0.160.224 Content Weak Password, same as the CMS name Flatnux Remote Code Execution (Authenticated) Path Hijacking Reconnaissance Initial reconnaissance for TCP ports n...

Exhibit (Intermediate)

Host entries 10.0.160.238 Content Default Credentials TinyWebGallery v2.5 - Remote Code Execution (RCE) Vi run as sudo Privilege Escalation Reconnaissance Initial reconnaissance for T...

Contract (Intermediate)

Host entries 10.0.160.221 Content Default Credentials PhotoShow 3.0 - Remote Code Execution (RCE) @agreejs/shared Prototype Pollution Reconnaissance Initial reconnaissance for TCP port...

Zeppelin (Insane)

Host entries 10.0.14.54 Content Zeppelin RCE in Notebooks dset Prototype Pollution Reconnaissance Initial reconnaissance for TCP ports nmap -p- -sS --open --min-rate 500 -Pn -n -vvvv -oG...

Webamok (Intermediate)

Host entries 10.0.160.236 webamok.echocity-f.com Content Default Credentials WBCE CMS 1.5.3 RCE via admin/languages/install.php Pydash Command Injection (CVE-2023-26145) Reconnaissan...

Catcabbage (Intermediate)

Host entries 10.0.160.219 catcabbage.echocity-f.com Content Default Credentials Blackcat CMS v1.4 - Remote Code Execution (RCE) RCE in broccoli-compass Reconnaissance Initial reconn...

Bunreal (Intermediate)

Host entries 10.0.14.39 Content Online Food Ordering System SQL Injection byondreal/accesor Prototype Pollution Reconnaissance Initial reconnaissance for TCP ports nmap -p- -sS --open --...