Web-to-Root Linux Lab: Exploiting a GLPI Intranet Misconfiguration

Web-to-Root Linux Lab: Exploiting a GLPI Intranet Misconfiguration

Dive into a step-by-step penetration testing guide for the vulnerable VM. This medium-difficulty walkthrough simulates a real-world assessment, from initial reconnaissance to full root access. Learn how to identify default credentials, bypass file upload restrictions, exploit web shells, crack password hashes, and leverage misconfigured cron jobs for privilege escalation. Whether you're sharpening your red-team skills or preparing for OSCP-level labs, this walkthrough delivers practical insights, tool usage, and tips for every phase of exploitation.

By CyberTask Engineer ยท Medium level

16 Tasks
1 Sections
82 Points
1 hr Duration

What You'll Learn

  • Exploit a misconfigured GLPI intranet application with default credentials
  • Bypass file upload restrictions using .htaccess manipulation
  • Escalate privileges through database credential reuse and cron job exploitation

Prerequisites

  • Basic Linux command line
  • Web application security fundamentals
Tools & Technologies
Nmap
Netdiscover
Burp Suite
Netcat
John the Ripper
MySQL
Kali Linux

Ready to Begin?

Sign in or create an account to start this lab and earn points.

Login to Start
Loading...