In this post, we covered SQL injection in search forms and performed Linux privilege escalation via the screen app. This was part of the TryHackMe Cybercrafted room, where we pwned a Minecraft server.
How many ports are open?
What service runs on the highest port?
Any subdomains? (Alphabetical order)
admin store www
On what page did you find the vulnerability?
What is the admin’s username? (Case-sensitive)
What is the web flag?
Can you get the Minecraft server flag?
What is the name of the sketchy plugin?
What is the user’s flag?
Finish the job and give me the root flag!