· 17 min medium Windows Bastard
HTB: Bastard
Drupalgeddon 2 delivers unauthenticated RCE on a Windows Server 2008 R2 box with zero hotfixes, then JuicyPotato turns an IIS service account into SYSTEM via COM/DCOM token impersonation.
#htb
#windows
#drupal
#php +2