->blaster




User part :



-> Run Nmap Scan





-> 2 ports are open, http and RDP





-> I ran a directory brute force and found it's using WordPress.
Without wasting my time, I started wpscan to get vulnerable plugins, vulnerable themes and users.







-> From the scan result I got a username. I started enumerating; let's go to the directory which I found previously.





-> The link shows the author profile with the latest posts.





-> Only one post has a comment, which is a note by the author. Let's assume this is the password.





-> Now the next step is to try the username and password; for that I used RDP.





-> I successfully logged in to the user account and got the user flag.





Root Part :



-> On the desktop, there is an uncommon file.





-> So I searched on Google and got a CVE.





-> A GitHub which explains how to exploit.





-> Started to exploit.



1. Run as administrator





2. Click show more details



3. Click show information about certificate





4. Click issuer link





5. That opens a browser, click OK



6. Click File -> Save As. This opens the file manager.







7. Now open cmd; now I am system admin and got the flag.