Overview
- Enumerate to find a virtual host
- Find the Navigate CMS exploit
- Use SUID exploit to gain root
Enumeration
Run nmap scan to find for open ports.
Run a gobuster scan to find for hidden directories.
Port 80
/secret
DNS Enumeration
/navigate
Foothold
Use metasploit to gain a shell.
Transfer linpeas to find more clues.
Seems like we can exploit some permissions.
Privilege escalation
Check GTFObins for SUID exploits.
Root is gained.