Fish.io: Hack

http://10.10.10.15/uploads/shell.php A meterpreter shell opens, allowing us to navigate the file system and escalate privileges.

After exploring the file system, we discover that the sudo command has been configured to allow the fish user to run any command without a password: hack fish.io

http://10.10.10.15/admin Indeed, we find a simple login form. After attempting some common credentials, we manage to log in using the username admin and password password123 . http://10

Next, we visit the HTTP service running on port 80: hack fish.io