Would you mind relaxing the “no spoilers” policy? The numerous walkthroughs that exist for other intentionally vulnerable images are really valuable. I’m not sure where to even start with this attack, tbh. Is it a hidden service? Is it a web hack? The documentation doesn’t even mention what kinds of applications we should be targeting.
If you could list, roughly, what we need to do in order to get started on this, it would be really appreciated.
By the way… what does editing hosts to include the pi actually accomplish? Navigating to it by IP and by hostname just pulls up a link to your wordpress site.
Can’t agree anymore, I have no idea what to do and can’t even find a start point. I thought it’s part of the interesting things cuz you also have no idea about your target exclude the url in real world.