Agent T uncovered this website, which looks innocent enough, but something seems off about how the server responds..
Lets check for some open ports on this box
Looks like 80 is open so lets navigate to the site
We have an admin dashboard that appears to already be logged in
Using curl we see that it is powered by PHP/8.1.0-dev
Searching for exploits, we come across this
https://www.exploit-db.com/exploits/49933
Based on the name and the name of the room, we are on the right track
Running the exploit, we get a shell!
