Find open ports (22, 3000)
Forgot to take a screenshot.
Find that the web app uses the npm package find-exec v1.0.2
Find and execute an exploit for find-exec v1.0.2
A google search led to this source which led to this Issue on the tools’ GitHub repo. It seems it is vulnerable to command injection.
Obtain proof.txt
