Introduction

“Previous” is a modern Linux/Next.js CTF machine that models a DevOps environment carrying realistic web and infrastructure misconfigurations. The machine combines custom application logic, advanced JWT manipulation, a dangerous Terraform privilege escalation flaw, and multiple bypass vectors. This writeup assumes strong familiarity with modern web application assessment and Linux privilege escalation, and it includes ZAP usage as part of the recon chain.

Reconnaissance

1. Network Scanning

Comprehensive service discovery (full TCP range, default scripts, version detection) reveals:

    nmap -sC -sV -p- -T4 10.10.11.83 -oN nmap.txt

  • 22/tcp: OpenSSH 8.9p1 (Ubuntu)

  • 80/tcp: nginx 1.18.0 serving a Next.js app

ZAP/WhatWeb web scan:

  • Server: nginx (Ubuntu), Technology: Next.js

  • Identified email in response: [email protected]
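The -oN flag above writes nmap's "normal" output to nmap.txt. As an added example (not part of the original writeup), the following Python script parses that format into a structured service inventory and flags any open port that is not on an expected-exposure allowlist, which is how a defender would turn the same scan into a configuration check. The nmap text embedded below is a constructed sample modelled on the two findings reported above (the host key fingerprint and timing values are placeholders, not real data from the machine); the function names parse_nmap and unexpected_open_ports are assumptions of this example.

```python
import re
from typing import Dict, List, Set

# Constructed sample of `nmap -oN` output, shaped like the scan in the writeup.
# Fingerprints and timings are placeholders, not values observed on the target.
SAMPLE_NMAP_TXT = """\
# Nmap 7.94 scan initiated (constructed sample) as: nmap -sC -sV -p- -T4 10.10.11.83 -oN nmap.txt
Nmap scan report for 10.10.11.83
Host is up (0.045s latency).
Not shown: 65533 closed tcp ports (reset)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.9p1 Ubuntu (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   256 aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99 (ECDSA)
80/tcp open  http    nginx 1.18.0 (Ubuntu)
|_http-server-header: nginx/1.18.0 (Ubuntu)
|_http-title: Site doesn't have a title (text/html).
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at (constructed sample) -- 1 IP address (1 host up) scanned in 60.00 seconds
"""

# A port line looks like: "22/tcp open  ssh     OpenSSH 8.9p1 Ubuntu (...)"
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)"
    r"(?:\s+(?P<version>.*))?$"
)
# NSE script output is indented under the port with "| " or "|_" prefixes.
SCRIPT_LINE = re.compile(r"^\|_?\s?(?P<text>.*)$")


def parse_nmap(text: str) -> List[Dict]:
    """Parse nmap normal output into a list of service records."""
    services: List[Dict] = []
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = PORT_LINE.match(line)
        if m:
            current = {
                "port": int(m.group("port")),
                "proto": m.group("proto"),
                "state": m.group("state"),
                "service": m.group("service"),
                "version": (m.group("version") or "").strip(),
                "scripts": [],
            }
            services.append(current)
            continue
        if current is not None and line.startswith("|"):
            # Attach script output to the most recent port record.
            current["scripts"].append(SCRIPT_LINE.match(line).group("text").strip())
            continue
        # Any other line (blank, "Service Info", "Nmap done") closes the port block.
        current = None
    return services


def unexpected_open_ports(services: List[Dict], allowed: Set[int]) -> List[int]:
    """Return open ports that are not on the expected-exposure allowlist."""
    return sorted(s["port"] for s in services if s["state"] == "open" and s["port"] not in allowed)


def summarize(services: List[Dict]) -> List[str]:
    """One human-readable line per discovered service."""
    return [f'{s["port"]}/{s["proto"]} {s["service"]} {s["version"]}'.rstrip() for s in services]


if __name__ == "__main__":
    found = parse_nmap(SAMPLE_NMAP_TXT)
    for line in summarize(found):
        print(line)
    # Assumed policy for this example: only SSH should be reachable on this host.
    print("unexpected exposure:", unexpected_open_ports(found, allowed={22}))
```

Feeding the real nmap.txt in place of the sample string gives the same inventory for the target, and comparing it against an allowlist per host turns a one-off recon scan into a repeatable exposure check.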
