Bludit

WRITEUP: https://ethicalhacs.com/blunder-hackthebox-walkthrough/

CREDS: Find a .txt file, most probably todo.txt. It might contain a username (or use a username found during enumeration). Password: https://rastating.github.io/bludit-brute-force-mitigation-bypass/

EXPLOIT: Image Upload RCE: https://github.com/bludit/bludit/issues/1079

There's a Metasploit module available as well.
