PHPMYADMIN
OFFSEC - Proving Grounds - SHIFTDEL
·3543 words·17 mins
OFFSEC PG PRACTICE
WORDPRESS
PHPMYADMIN
Access via provided credentials or exploit WordPress 4.9.6 (CVE-2019-17671) for a password. Delete .htaccess, and get credentials, use phpMyAdmin RCE (CVE-2018-12613) for initial access and exploit command misconfiguration to get root.