TryHackMe: HackPark Walkthrough
For this machine, we discover a website running on BlogEngine and proceed to brute force our way into the admin account. From there, we exploit the vulnerable version of BlogEngine via Remote Code Execution to gain our initial foothold. We continue to take two attack vectors to escalate privileges: the first is through discovered admin credentials and second is through DLL hijacking.