- Magento is vulnerable to 37977.py.
  Adjust the exploit settings so the target URL contains index.php/.
- user.txt is at /home/h***s/user.txt
- Get app/etc/local.xml. It’s useless 🙂.
- Using the Magento downloader tool, install Magpleasure_Filesystem to upload a shell.
- admin_user is haris. Just for your information 🙂
- /etc/sudoers is readable, so launch vi with the appropriate path to fetch the root flag.