Opacity is an easy machine that can help you in the penetration testing learning process.
There are 2 hash keys located on the machine (user – local.txt and root – proof.txt). Can you find them and become root?
Hint: There are several ways to perform an action; always analyze the behavior of the application.
Let's enumerate!
Looks like 80 is open.
admin/admin did not work. Let's keep digging.
Gobuster reveals /cloud being open.
Let's navigate to /cloud.
Looks like a juicy spot to upload a reverse shell. Seems to be looking for file images.
Downloaded and edited the PHP pentestmonkey reverse shell.
Creating a python server to “upload”
From here we copy the file as a .png file and enter the url into the upload path
This gives us an image link
From here we remove the .png and navigate to the file and boom! We have our shell
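
On the defensive side, the following is an added example (not part of the original write-up and not the room's code) of how an upload-by-URL handler can avoid this outcome. It assumes the weakness is that the handler trusts the image extension in the submitted URL; the function names and sample inputs are hypothetical and constructed for illustration.

```python
import secrets
from urllib.parse import urlsplit

# Magic-byte signatures for the image types the uploader is meant to accept.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


def sniff_image_type(body: bytes):
    """Return the extension implied by the content, or None if it is not an image."""
    for magic, ext in SIGNATURES.items():
        if body.startswith(magic):
            return ext
    return None


def safe_stored_name(url: str, body: bytes):
    """Choose the on-disk name for content fetched from a user-supplied URL.

    Returns None (reject) unless the body starts with a known image signature.
    The stored name is random and its extension is derived from the content,
    so nothing in the caller-supplied URL (path, fragment, double extension)
    can influence how the web server later treats the file.
    """
    if urlsplit(url).scheme not in ("http", "https"):
        return None
    ext = sniff_image_type(body)
    if ext is None:
        return None
    return f"{secrets.token_hex(16)}.{ext}"


# Constructed sample inputs (hypothetical hosts and file names).
PNG_BODY = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP_BODY = b"<?php echo 'not an image'; ?>"

if __name__ == "__main__":
    print(safe_stored_name("http://10.0.0.5/shell.php.png", PHP_BODY))  # rejected
    print(safe_stored_name("http://10.0.0.5/logo.png", PNG_BODY))       # random .png name
```

A signature check alone does not stop image/script polyglots, so the upload directory should also be served with script execution disabled.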