Utilizes steganography with binwalk and steghide to extract hidden data from images. Employs zip2john to crack password-protected archives and Base64 decoding for credentials. Achieves privilege escalation by exploiting CVE-2019-14287 sudo vulnerability.
Exploits a vulnerable Fuel CMS installation using a remote code execution vulnerability (CVE-2018-16763) to gain a reverse shell. Discovers hardcoded database credentials in configuration files, which are reused as the root password for the system.
Discovers credentials through HTML source code comments and robots.txt file to access a command panel. Exploits unrestricted command execution on the web server and leverages NOPASSWD sudo privileges for full system access.