# Recon
- visit http://172.16.1.11:80, and cruise around website for leaked info
    - design by w3layouts
    - names: mary jane, steven wilson, suzan lois, dora caelan, rose alpha
- view `/etc/hosts`
    - 172.16.1.11 status.inlanefreight.local
    - 172.16.1.12 blog.inlanefreight.local

# Exploit
- go to status.inlanefreight.local
- `cp /usr/share/laudanum/aspx/shell.aspx ~`
- add foothold ip to `allowedIps` string in `shell.aspx`
- upload modified `shell.aspx` to status.inlanefreight.local
- go to status.inlanefreight.local/files/shell.aspx
- we have a shell

![[images/Pasted image 20251003090402.png]]
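
Defender-side view of the steps above, as an added example that is not part of the original notes: a script dropped into the upload directory `/files/` and then requested over HTTP is visible in the IIS W3C log. The log lines, field order, client addresses and the list of script extensions are constructed assumptions.

```python
UPLOAD_DIR = "/files/"  # upload directory named in the notes
SCRIPT_EXTS = (".aspx", ".ashx", ".asmx", ".asp")  # assumption: handlers IIS would execute

# Constructed IIS W3C extended log sample (not taken from the lab host).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2025-10-03 13:03:02 GET /files/report.pdf 10.0.0.7 200
2025-10-03 13:03:15 GET /files/shell.aspx 10.0.0.5 200
2025-10-03 13:03:20 POST /Files/Shell.aspx 10.0.0.5 200
2025-10-03 13:04:00 GET /files/old.asp 10.0.0.9 404
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2025-10-03 13:10:00 10.0.0.5 POST /files/shell.aspx 200
2025-10-03 13:11:00 10.0.0.7 GET /index.aspx 200
"""

def parse_w3c(text):
    """Yield one dict per request, honouring every #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # IIS re-emits this header, possibly reordered
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def script_hits_in_upload_dir(text):
    """Return {(client, path): [count, first_seen]} for served scripts under UPLOAD_DIR."""
    hits = {}
    for r in parse_w3c(text):
        path = r.get("cs-uri-stem", "").lower()  # IIS paths are case-insensitive
        served = r.get("sc-status", "").startswith("2")
        if served and path.startswith(UPLOAD_DIR) and path.endswith(SCRIPT_EXTS):
            key = (r.get("c-ip"), path)
            entry = hits.setdefault(key, [0, f"{r.get('date')} {r.get('time')}"])
            entry[0] += 1
    return hits

if __name__ == "__main__":
    for (client, path), (count, first) in script_hits_in_upload_dir(SAMPLE_LOG).items():
        print(f"{first} {client} requested {path} {count} time(s)")
```

A hit means the upload directory both accepted a script file and let IIS execute it; serving `/files/` as static content only removes the condition the steps above rely on.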