Recon
Nmap

Directory listing

The web app






Exploit
Auth Bypass


PDF Injection





The following is the request that was done to puchase an Axe




A quick google search lead me here : https://www.triskelelabs.com/blog/extracting-your-aws-access-keys-through-a-pdf-file




Maybe we can get info from the Database


Let’s see if I can find any interesting files in that directory!


Foothold/User


Root


Since there is a wildcard in /usr/bin/node /usr/local/scripts/*.js we can put anything:
