Chilakiller

Nmap Scan Result

I couldn't move forward after several attempt of enumeration. Then I decided to use rockyou as my directory bruteforce wordlist and found an hit. a page spelt "retaurante", Spanish I suppose. The site was running drupal 7 though.

I checked Metasploit for a possible exploit, tried a few and found one that works. I was able to get a meterpreter session after running the exploit.

There was a user1 on the device, switched user using password "user1". I ran Linpeas.sh and found a belonging to root that is readable by me conataing root password.