I managed to find the root.txt flag after spending some time on the problem, however I feel that I did not find the solution the right way (i.e. the cleanest way) and would like the forum’s opinion.
I was not able to upload any file to the server to create a reverse shell. I found the logins to connect to the GetSimple dashboard, but I never knew how to exploit them: exploit #0 on MSF didn’t work (I don’t think I entered the wrong URL, I tried them all anyway) and uploading doesn’t give anything even though I disabled JS.
Once I got the first flag, I understood after watching a walkthrough that I could make a shell pop up and get the list of exploitable files, and exploit them with GTFOBins. But is this the right method? We don’t talk about it during the lessons, I really thought I should use LinEnum or LinPeas. Is there something I didn’t notice? And if so, can you steer me towards this one?
Thanks in advance