From nmap, there are http and msrpc opened
This is the web page. It is running Drupal 7.
CHANGELOG.txt, we know that it’s version 7.54.
In searchsploit, there is a RCE script for this version.
After executing the script, I got a webshell as
Create a reverse shell.
Sherlock.ps1, and execute
Pick one of the vulnerability and found its exploit in github. Use
impacket to create smb share, and download the exploit from my server. Execute the exploit script for a reverse shell.
Finally, I got a reverse shell as