, ,

Dina: 1.0.1

Download the machine:



  • Enumeration will lead to robots text and and a directory that was not indicated in robots.txt
  • Check the source code of a directory to find creds
  • Download a backup folder from one of the directory
  • Upload the unzipped audio file in CyberChef to find the text file
  • Head to secret directory and gain access from a password list
  • Login to the playsms interface
  • Use metasploit to gain a shell


Run nmap scan to find for open ports.

Run a gobuster scan to find for hidden directories.

Port 80


/nothing source code.

Found a password list


Unzip the file with the password list and a mp3 file is given.

It is actually a text file.

Use cyberchef to read the file.

Found some clues.

Now we found an interface.

We can use the password list again gain access.


There are some exploits found on metasploit.

Let’s use the third exploit.

Set up the necessary options.

Run the exploit and a shell will be gained.

Check for sudo permissions.

Privilege escalation

Use GTFOBins to find for a perl sudo exploit.

Root access is gained and flag is found.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Comments (



%d bloggers like this: