Blocky — HTB Walkthrough
Jul 21, 2020
ENUMERATION
80 HTTP ENUMERATION
A WordPress site. Before doing anything else, just run wpscan in the background:
wpscan --url=http://10.10.10.37/ -ep vp,t,u
Nothing much juicy except the username notch.
Gobuster scan
Of everything above, /plugins was the useful one.
Downloading both files to my machine to check.
The Jad compiler was not working on my Kali, so I used an online Java decompiler to read the contents.
We can try the same for SSH and also for the WordPress login.
PRIVILEGE ESCALATION
Enumerating sudo privileges, we see that we can run anything as root without a password.
ROOTED!!!
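A defender-side check for the sudo finding above, as an added example that is not part of the original post: it parses `sudo -l` output and flags rules that allow every command as root. The sample output, the user name `deploy` and the function names are constructed for illustration.

```python
import re

# Constructed sample of `sudo -l` output (not taken from the page).
SAMPLE = """\
Matching Defaults entries for deploy on host:
    env_reset, mail_badpass

User deploy may run the following commands on host:
    (ALL : ALL) NOPASSWD: ALL
    (root) /usr/bin/systemctl restart nginx
    (ALL) ALL
    (backup) NOPASSWD: /usr/bin/rsync, /bin/tar
"""

RULE = re.compile(r"^\s+\((?P<runas>[^)]*)\)\s*(?P<rest>.+)$")
TAG = re.compile(r"^(?P<tag>[A-Z_]+):\s*")  # e.g. NOPASSWD:, SETENV:

def parse_sudo_l(text):
    """Return one dict per rule line of `sudo -l` output."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # headers and Defaults lines carry no "(runas)" prefix
        rest, tags = m.group("rest"), []
        while (t := TAG.match(rest)):  # assumption: tags lead the rule line
            tags.append(t.group("tag"))
            rest = rest[t.end():]
        runas_user = m.group("runas").split(":")[0].strip()
        # Simplification: split on commas, ignoring escaped commas in arguments.
        commands = [c.strip() for c in rest.split(",")]
        rules.append({"runas": runas_user, "tags": tags, "commands": commands})
    return rules

def findings(rules):
    """Flag rules that grant every command as root (or as any user)."""
    out = []
    for r in rules:
        unrestricted = "ALL" in r["commands"]
        as_root = r["runas"] in ("ALL", "root")
        if unrestricted and as_root:
            # NOPASSWD: any process running as the user becomes root directly.
            sev = "critical" if "NOPASSWD" in r["tags"] else "high"
            out.append((sev, r))
    return out

if __name__ == "__main__":
    for sev, r in findings(parse_sudo_l(SAMPLE)):
        print(sev, r["runas"], r["tags"], r["commands"])
```

Rules flagged here are candidates for replacement with an explicit command list per account.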