Library

Enumeration

From Nmap, just a single port is opened

On visiting the webpage, I got a login page as seen below

checked online and found the below default login credential which worked

Enumerating and checking the items on the side bars, I found FLAG2

Searched for the second flag but no luck so I decided to look up the version of Openmediavault running (5.5.11-1) and found the below vulnerability

I found an exploit on Metasploit

Ran the exploit and got Meterpreter shell

Navigate to the FLAG1.txt location and claim it.