ِِِAs you can see 80,22,8080 are open.
Let`s start checking
ِAfter some recon i didn`t found anything in 8080.
ِBut i searched for megahosting exploit i found LFI so let`s try it.
ِBANG ! , we got credentials.
After some search i found out that we can have a reverse shell by uploading it to manager page
ِAfte uploading our shell let`s execute it.
After some recon i found a backup file at /var/www/html
So i made an http server to download it to my machine and crack it
Let`s crack it with FCRACKZIP
I didn`t find anything interesting in the file , In the recon phase i found ash user so i tried the password on it
BAM ! , we logged in and got user hash
I found this article about LXD privilege escalation and knowing that the user is in LXD group lxd privilege escalation
Let`s build !
Thanks for Reading 🙏