In this post, we covered SQL injection in search forms and performed Linux privilege escalation on the screen app. This was part of TryHackMe Cybercrafted room where we pawned a Minecraft server.
How many ports are open?
What service runs on the highest port?
Any subdomains? (Alphabetical order)
admin store www
On what page did you find the vulnerability?
What is the admin’s username? (Case-sensitive)
What is the web flag?
Can you get the Minecraft server flag?
What is the name of the sketchy plugin?
What is the user’s flag?
Finish the job and give me the root flag!