https://hackmyvm.eu/machines/machine.php?vm=Driftingblues7
Scan ports.
nmap -sV -sC -p- 192.168.56.99 -oN ports.log
Check port 80, redirect to port 443, it's eyesofnetwork app login panel.
Scan port 66.
gobuster dir -u http://192.168.56.99:66 -t 10 -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -x .html,.php,.txt,.bak,.zip -b 401,403,404,500 --wildcard -o 66.log
Check eon, base64, it's a zip file.
Download eon, base64 decode, create zip file and bruteforce the zip.
wget -O - http://192.168.56.99:66/eon | base64 -d > eon.zip ... fcrackzip -u -D -p /usr/share/wordlists/rock_ascii.txt eon.zip PASSWORD FOUND!!!!: pw == killah
Get credentials of EyesOfNetwork.
Check exploits of EyesOfNetwork 5.3 online.
https://www.exploit-db.com/exploits/48025
Download the POC, modify the code to login directly with creds we found.
Run the code, directly get root.