Something seems a little off with the server.

Recon

At first, I did a Nmap scan for open ports and services.

nmap -sC -sV -oA nmap/agent 10.10.36.157

There is only one port open with PHP server 5.5.

I checked the website for further enumeration. Wappalyzer identifies the website is using PHP version 8.1.0.

Exploit

I looked for PHP 8.1.0 exploit. I found this exploit on exploit-DB

After executing the exploit I got a shell. Success!!

Flag

I couldn’t move around that much. I checked the directory and didn’t find the flag.

I searched for the flag file and catted the file directly.