Vhost

Virtual host discovery finds the Magento admin panel on a non-default hostname; qwerty123 completes the chain — two recon steps, one flag.…

S3 subdomain discovery exposes a LocalStack bucket; a PHP webshell uploaded via the AWS CLI achieves RCE as www-data without any CVE.…