This room covers the famous Ghostcat CVE vulnerability to gain an initial access shell on the remote machine alongside an interesting ASC and GPG privilege escalation technique.

In this room, we will cover using Gobuster on a website, using SMBclient and SMBMap to enumerate shares and exploiting a CMS RFI vulnerability as well as wildcard privilege escalation.