Shibboleth Writeup by evyatar9

Read my writeup for Shibboleth machine on

TL;DR

User: Found vhosts of the Zabbix system. Using the scanner/ipmi/ipmi_dumphashes Metasploit module, we dumped the Administrator password of Zabbix. Using Zabbix, we got remote command execution and a reverse shell as zabbix. Using the same password as before, we got the user ipmi-svc.

Root: Exploiting the DB 10.3.25-MariaDB using CVE-2021-27928 to get a reverse shell as root.