Information Collection

• ssh
• http
  

There is very little information collected, the directory should be scanned for additional extensions, dirbuster only has the php extension by default.

Take a look at user.txt, I found that I don't seem to understand it.

Go search to see what is the relationship between the twoWhat conditions do these two meet?

I got something and found Shellshock

Power On

Elevation of Privilege

How to create a /bin/bash session through perl, I found the parameter for one-time code execution by searching -e

Also searched for perl commands to execute system commands


No accident exec also works