Rusty Walkthrough — PWNX

Astik Rawat
4 min readMar 23, 2022

Hi Everyone, It’s been a long time since I shared a walkthrough of a vulnerable machine. I have been a bit busy lately with work and learning but I am back for good. Let’s just jump right into it, I hope you learn something from it.

Rusty Pwned!!

Last month I was introduced to a new platform PWNX by a friend. I haven’t tried all the machines yet I love their competitive challenges and I will be coming back with more walkthroughs in the future. For now, I want to share my experience with Rusty. Let’s learn together.

First, we start with a network scan to see if there are any interesting ports available…

Nmap Scan for Rusty

Port 80 seems to be open and running Joomla with many entries in the robots.txt file.

Joomla Webserver

The first thing that comes to my mind after finding a known web server is to find what version it is running. Sometimes the developer doesn't update the webserver and it can hold some critical vulnerability. In case, the version is up to date, then we can move towards manual scanning methods.



Astik Rawat

Security Consultant | SRT Researcher | OSEP | OSWE | CRTO | OSCP | OSWP | CRT | BSCP | PNPT | eMAPT | PJPT | CPENT | eJPT | CEH Master | CPSA | Network+ | 9xCVE