Foothold
1. blind sql injection in password reset
2. exfiltrate admin password from admin_users
3. hashcat to crack bcrypt password
4. login as admin
5. upload a webshell from the profile page
6. reverse shell
2. exfiltrate admin password from admin_users
3. hashcat to crack bcrypt password
4. login as admin
5. upload a webshell from the profile page
6. reverse shell
PrivEsc
1.
1.
view .monitrc to get password for the other user
2. as the other user, sudo -l to see what you can run
3.
2. as the other user, sudo -l to see what you can run
3.