SYMFONOS: 4 Walkthrough

  • Name: symfonos: 4
  • Difficulty: Intermediate
  • Tested: VirtualBox
  • DHCP Enabled

OSCP-like, intermediate, real-life-based machine designed to teach people the importance of trying harder.

This works better with VirtualBox rather than VMware.

VulnHub Symfonos: 4 Walkthrough
For this walkthrough we will be looking at Symfonos: 4 from vulnhub. This was fun because I got to do some port…

Steps

  1. Port scanning with Nmap
  2. Gobuster on port 80 turns up some directories and files
  3. Use SQLi to bypass the authentication
  4. There is an LFI; use it to get RCE
  5. Port-forward the remote port and access the web application
  6. Python deserialisation to RCE -> root