TryHackMe Source[MACHINE]

 Machine IP : 10.10.217.104

Machine Name : Source

This Machine Runs A Vulnerable Service Which Allows An Attacker To Take Over This Machine Remotely And Gain Root Access.

Vulnerable Service And Version - HTTP Service And MiniServ 1.890 (Version)

Exploit - unix/webapp/webmin_backdoor (Metasploit)

When We Run The Exploit , It Gives Root Access Suddenly . There is no need to do a privilage Escalation.

Nmap Scan :

"""

Starting Nmap 7.91 ( https://nmap.org ) at 2021-06-22 22:37 +08
Nmap scan report for 10.10.217.104
Host is up (0.39s latency).
Not shown: 998 closed ports
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 b7:4c:d0:bd:e2:7b:1b:15:72:27:64:56:29:15:ea:23 (RSA)
|   256 b7:85:23:11:4f:44:fa:22:00:8e:40:77:5e:cf:28:7c (ECDSA)
|_  256 a9:fe:4b:82:bf:89:34:59:36:5b:ec:da:c2:d3:95:ce (ED25519)
10000/tcp open  http    MiniServ 1.890 (Webmin httpd)
|_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 83.30 seconds
                                                         
"""

User Text : THM{SUPPLY_CHAIN_COMPROMISE}

Root Text : THM{UPDATE_YOUR_INSTALL}
                                       

Popular posts from this blog

TryHackMe Simple CTF [MACHINE]

Machine Name : Simple CTF Platform : TryHackMe (THM) Machine Link : https://tryhackme.com/room/easyctf Question 1 - How many services are running under port 1000? command : nmap -p 1-1000 Question 2 - What is running on the higher port? command : nmap -A <target_ip> Question 3 - What's the CVE you're using against the application? Answer - Check The Web Application Service And Version . Search About It In Browser /*When We Go Through The Web Application ,  We Can See CMS 2.2.8 Type The Service And Version Name On Browser */ Question 4 - To what kind of vulnerability is the application vulnerable? Answer - Read TheCVE Question 5 - What's the password? use the exploit : https://www.exploit-db.com/exploits/46635 Question 6 - Where can you login with the details obtained? Answer - We Have Gathered The Username And Password From The Exploit , We Can Use A Service To Login TO It (command line Service) Question 7 - What's the user flag? Answer - When You Logged Into The ...
Read more