SYMFONOS: 4 Walkthrough
Name: symfonos: 4
- Name: symfonos: 4
- Difficulty: Intermediate
- Tested: VirtualBox
- DHCP Enabled
OSCP-like Intermediate real life based machine designed to teach people the importance of trying harder.
This works better with VirtualBox rather than VMware.
Steps
- Port scanning with NMAP
- Gobuster on port 80 gives up some dirs and files.
- Use SQLi to bypass the auth
- there is a LFI, use it to get RCE
- Need to port forward the remote port and access the web application
- python deserialisation to RCE -> Root