Posts

TryHackMe Source[MACHINE]

 Machine IP : 10.10.217.104 Machine Name : Source This Machine Runs A Vulnerable Service Which Allows An Attacker To Take Over This Machine Remotely And Gain Root Access. Vulnerable Service And Version - HTTP Service And MiniServ 1.890 (Version) Exploit - unix/webapp/webmin_backdoor (Metasploit) When We Run The Exploit , It Gives Root Access Suddenly . There is no need to do a privilage Escalation. Nmap Scan : """ Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-22 22:37 +08 Nmap scan report for 10.10.217.104 Host is up (0.39s latency). Not shown: 998 closed ports PORT      STATE SERVICE VERSION 22/tcp    open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: |   2048 b7:4c:d0:bd:e2:7b:1b:15:72:27:64:56:29:15:ea:23 (RSA) |   256 b7:85:23:11:4f:44:fa:22:00:8e:40:77:5e:cf:28:7c (ECDSA) |_  256 a9:fe:4b:82:bf:89:34:59:36:5b:ec:da:c2:d3:95:ce (ED25519) 10000/tc...
Read more

TryHackMe Simple CTF [MACHINE]

Machine Name : Simple CTF Platform : TryHackMe (THM) Machine Link : https://tryhackme.com/room/easyctf Question 1 - How many services are running under port 1000? command : nmap -p 1-1000 Question 2 - What is running on the higher port? command : nmap -A <target_ip> Question 3 - What's the CVE you're using against the application? Answer - Check The Web Application Service And Version . Search About It In Browser /*When We Go Through The Web Application ,  We Can See CMS 2.2.8 Type The Service And Version Name On Browser */ Question 4 - To what kind of vulnerability is the application vulnerable? Answer - Read TheCVE Question 5 - What's the password? use the exploit : https://www.exploit-db.com/exploits/46635 Question 6 - Where can you login with the details obtained? Answer - We Have Gathered The Username And Password From The Exploit , We Can Use A Service To Login TO It (command line Service) Question 7 - What's the user flag? Answer - When You Logged Into The ...
Read more