Nmap Results→

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/2dd2752e-7742-4eb5-8bbe-141dd8d6a19c/Untitled.png

Since we have access to the main files here, we can do a lot of malicious stuff; the anonymous login in this case is super duper dangerous.

We can go to the internet and look for default credentials for the website first and see if they work. If not, we can check whether this program stores passwords, usernames and stuff like that on disk, and we can see that it does. So now log in to FTP as anonymous, traverse to that file and get access to what we want. We come across the config files; we can download them and see if they work or contain passwords. They do, but the passwords are encrypted, except in the backup file, which has a password (the one below). It's a backup file, so the password is old, but by just changing the year we can see that it still works for us. And then we can use

https://www.exploit-db.com/exploits/46527

this exploit to our advantage. It asks us for a cookie, which we can now get by using Burp Suite and intercepting the page. Then we can run it just like it shows in the comments, and the exploit will provide us with a user and password that has access to the admin group, and gg, we have access.

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/1ed22511-919a-47bf-8c24-e1babd8b4076/Untitled.png

How do we connect to the shell, though? We can use something called Impacket:

https://github.com/SecureAuthCorp/impacket

This will give us the ability to get a psexec shell with the user information and the host IP:

psexec.py <username>:"<password>"@10.10.10.152

This will give us a shell with all the privileges.
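
The backup-file step above worked because the current password was the old one with only the year changed. As an added example (not part of the original write-up), here is a check a defender could run at password-change time to reject candidates that are trivial rotations of an earlier password; the function names and sample passwords are constructed for illustration.

```python
import re
from typing import List, Optional

# Any run of digits (years, counters) is collapsed to one placeholder, so two
# passwords that differ only in the year normalise to the same skeleton.
_DIGITS = re.compile(r"\d+")


def skeleton(password: str) -> str:
    """Case-folded password with every digit run replaced by '#'."""
    return _DIGITS.sub("#", password.casefold())


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def rotation_problem(new: str, previous: List[str], max_edits: int = 2) -> Optional[str]:
    """Return why `new` is a trivial rotation of an earlier password, else None."""
    for old in previous:
        if new == old:
            return "reuses a previous password"
        if skeleton(new) == skeleton(old):
            return "differs from a previous password only in digits or case"
        if edit_distance(new.casefold(), old.casefold()) <= max_edits:
            return "within %d edits of a previous password" % max_edits
    return None


if __name__ == "__main__":
    # Constructed sample values, not taken from the write-up.
    history = ["Example_Pass@2018"]
    for candidate in ["Example_Pass@2019", "example_pass@2021",
                      "Example_Pass@2018x", "c0rrect-Horse-staple-77"]:
        print(candidate, "->", rotation_problem(candidate, history) or "ok")
```

The comparison needs the old plaintext, which is available when the user supplies the current password during a change, or when auditing a credential that turned up in an exposed backup file.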