On Nocturnal, an IDOR exposed credentials that unlocked the admin panel and source code. A command injection led to a shell, cracked database hashes enabled SSH access, and exploiting ISPConfig CVE-2023-46818 provided root.
