It is a POST request, so we can now use hydra to brute-force the login.
Now we can log in and check the version in the About section:

Now we can search for exploits:
Go to http://10.11.103.226/admin/app/editor/editpost.cshtml

Now upload the file as PostView.ascx:

Now visit http://10.10.248.167/?theme=../../App_Data/files

We get a shell back:
We are iis apppool\blog.

Running winPEAS:

C:\Program Files (x86)\SystemScheduler is suspicious.
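
On the defensive side, the request to /?theme=../../App_Data/files shown above leaves a distinctive entry in the IIS access log. The following is an added example, not part of the original write-up: it scans W3C-format IIS log lines for a theme parameter that contains path traversal, including URL-encoded and double-encoded forms. The log lines and client IPs are constructed samples, and the function names are hypothetical.

```python
from urllib.parse import parse_qs, unquote

# Constructed IIS W3C log sample (not from the original page).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-01 10:00:01 198.51.100.7 GET / theme=Standard 200
2024-01-01 10:00:05 198.51.100.7 GET / theme=../../App_Data/files 200
2024-01-01 10:00:09 198.51.100.9 GET / theme=..%2f..%2fApp_Data%2ffiles 200
2024-01-01 10:00:12 198.51.100.9 GET /post/welcome - 200
"""

def fully_decode(value, rounds=3):
    """Undo nested URL encoding (e.g. %252e) with a bounded number of passes."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def suspicious_theme(query):
    """Return the normalized theme value if it escapes the theme folder, else None."""
    for key, values in parse_qs(query, keep_blank_values=True).items():
        if key.lower() != "theme":
            continue
        for raw in values:
            norm = fully_decode(raw).replace("\\", "/")
            # A legitimate theme is a plain folder name: no "..", no root, no drive.
            if ".." in norm.split("/") or norm.startswith("/") or ":" in norm:
                return norm
    return None

def find_theme_traversal(log_text):
    """Return (client IP, timestamp, decoded theme value) for each flagged request."""
    hits = []
    for rec in parse_w3c(log_text):
        value = suspicious_theme(rec.get("cs-uri-query", "-"))
        if value is not None:
            hits.append((rec["c-ip"], rec["date"] + " " + rec["time"], value))
    return hits

if __name__ == "__main__":
    for hit in find_theme_traversal(SAMPLE_LOG):
        print(hit)
```

A hit on this check is worth correlating with recent writes of .ascx files under App_Data/files, since the walkthrough uploads PostView.ascx there before making the request.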