Hi everyone,
I’m currently working through the eCPPT Network Penetration Testing CTF and I’ve hit a wall on Task 4.
I successfully pivoted from the first compromised machine (server.prod.local) and was able to scan the second target, web.prod.local. I found three open TCP ports there, and while two of them revealed some interesting information, I haven’t been able to identify a clear vulnerability (I thought it would be SPIP, but no luck so far).
I’ve been stuck here for a few days now and would really appreciate a nudge or hint to get me moving in the right direction. Any help would be greatly appreciated!
Thanks in advance!
Joe