PNPT : Academy


  • Enumeration will lead to student creds
  • Upload php shell to gain a shell
  • Search config file to find administrator creds
  • Edit cron job file with a bash one liner to gain root access


Run an nmap scan to find open ports.

Run a gobuster scan to find hidden directories.

Port 80

FTP Enumeration

Crack the hashed password


Log in to the academy page with the creds found and upload a reverse shell.

View the config file to find creds for the administrator.

Privilege escalation

Edit the backup.sh file with a bash one-liner to gain root access.
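The escalation works only because a script that root's cron job runs can be edited by a lower-privileged user. The audit below is an added example from the defender's side, not part of the original write-up: it parses /etc/crontab-style text and reports every file a root job runs that a non-root user could change. The function names, the `trusted_uid` parameter and the throwaway directory are assumptions made for the example.

```python
import os, re, stat, tempfile

def parse_system_crontab(text):
    """Return (user, argv) for each job line in /etc/crontab-style text."""
    jobs = []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and environment assignments such as SHELL=/bin/sh.
        if not line or line.startswith("#") or re.match(r"^[A-Za-z_]\w*\s*=", line):
            continue
        parts = line.split()
        skip = 1 if parts[0].startswith("@") else 5  # @daily etc. vs. five time fields
        if len(parts) >= skip + 2:
            jobs.append((parts[skip], parts[skip + 1:]))
    return jobs

def weak_reasons(path, trusted_uid=0):
    """Explain why someone other than trusted_uid could change what `path` runs."""
    reasons = []
    for target in (path, os.path.dirname(path)):  # the script and its directory
        st = os.stat(target)
        if st.st_uid != trusted_uid:
            reasons.append(f"{target}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            reasons.append(f"{target}: {stat.filemode(st.st_mode)} is group/world-writable")
    return reasons

def audit_root_jobs(crontab_text, trusted_uid=0):
    """Map each file run by a root job to the reasons it is not safe."""
    findings = {}
    for user, argv in parse_system_crontab(crontab_text):
        if user != "root":
            continue
        for token in argv:
            if token.startswith("/") and os.path.isfile(token):
                reasons = weak_reasons(token, trusted_uid)
                if reasons:
                    findings[token] = reasons
    return findings

if __name__ == "__main__":
    # Constructed demo: a throwaway directory stands in for the script location.
    d = tempfile.mkdtemp()
    script = os.path.join(d, "backup.sh")
    open(script, "w").close()
    os.chmod(script, 0o777)
    sample = f"SHELL=/bin/sh\n* * * * * root {script}\n"
    for path, why in audit_root_jobs(sample, trusted_uid=os.getuid()).items():
        print(path, *why, sep="\n  ")
```

On a real host, pass the contents of /etc/crontab and leave `trusted_uid` at 0; any finding means the script or its directory should be owned by root and stripped of group and world write permission.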
