Starting with nmap port 80 shows just a picture named merlin.jpg. Possibly a user in the box. Doing gobuster and scanning with .aspx extension we get two things of interest. First transfer.aspx where we can upload files and second UploadedFiles where we get to access the files we uploaded. Doing enumeration, we find that we […]

Starting with nmap Port 80 is HFS, If we try to login then we will get an unauthorized error. Following is the screenshot. Using searchploit to find if there is any vulnerabilities related to HFS Cloning one with Remote Command Execution There are two things we should do before running above python script. First is […]