TryHackMe CTF: billing (Easy)
Exploits MagnusBilling CMS via CVE-2023-30258 to achieve initial access and PHP reverse shell. Leverages Fail2ban misconfiguration for privilege escalation to gain root access through manipulating ban actions.
Tag: Linux
TryHackMe CTF: Daily Bugle (Hard)
Compromise a Joomla CMS 3.7.0 website by exploiting an SQLi vulnerability, crack a bcrypt password hash, and perform privilege escalation through a yum binary with sudo permissions to achieve root access.