Opacity is an easy machine that can help you in the penetration testing learning process.

There are 2 hash keys located on the machine (user – local.txt and root – proof.txt). Can you find them and become root?

Hint: There are several ways to perform an action; always analyze the behavior of the application.

Let's enumerate!

Looks like port 80 is open.

admin/admin did not work. Let's keep digging.

Gobuster reveals that /cloud is open.

Let's navigate to /cloud.

Looks like a juicy spot to upload a reverse shell. It seems to be looking for image files.

Downloaded and edited the pentestmonkey PHP reverse shell.

Creating a Python server to “upload”.

From here we copy the file as a .png file and enter the URL into the upload path.

This gives us an image link

From here we remove the .png and navigate to the file and boom! We have our shell
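Why the upload step works, seen from the defender's side: this is an added example, not code from the Opacity machine or from this write-up. It assumes the uploader only checks that the supplied URL ends in an image extension (the page does not show the application's code) and contrasts that with a check that decides from the file's content and generates the stored name on the server. All function names, URLs and sample bodies are constructed for illustration.

```python
import secrets
from urllib.parse import urlsplit

# Magic-byte signatures for the image types the uploader is meant to accept.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


def weak_check(url: str) -> bool:
    """Assumed 'before' behaviour: trust the extension in the supplied URL."""
    return url.lower().endswith((".png", ".jpg", ".jpeg", ".gif"))


def sniff_extension(body: bytes):
    """Return the extension matching the file's leading bytes, or None."""
    for magic, ext in SIGNATURES.items():
        if body.startswith(magic):
            return ext
    return None


def hardened_store_name(url: str, body: bytes):
    """Decide the on-disk name from content only; None means reject."""
    if urlsplit(url).scheme not in ("http", "https"):
        return None
    if len(body) > MAX_BYTES:
        return None
    ext = sniff_extension(body)
    if ext is None:
        return None
    # Server-generated name: nothing from the URL reaches the filesystem.
    return secrets.token_hex(16) + ext


# Constructed sample inputs (not taken from the target application).
PHP_BODY = b"<?php /* placeholder script body */ ?>"
PNG_BODY = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
SAMPLES = [
    ("http://198.51.100.7/shell.php.png", PHP_BODY),
    ("http://198.51.100.7/logo.png", PNG_BODY),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(url, weak_check(url), hardened_store_name(url, body))
```

Content sniffing alone does not stop a file that starts with valid image bytes and carries script text later, so the upload directory should also be served with script execution disabled.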

Upgrading our shell