Hi all,
This article is about the Jack-of-All-Trades room from TryHackMe, so let's play with Jack.
I usually start with an Nmap scan. The result:
It seems that we have a web server on port 22 and SSH on port 80. Cool. After some modification in my browser, I got the first page, where I found some information.
The code is Base64; you will get a name and a password. At the same time, I found another code in the recovery.php page.
After using the hint from Mr Johny Graves, I found a link to the wiki page for the Stegosaurus dinosaur. OK, it's a hint to use steganalysis on the picture of the dinosaur on the home page or another one in the assets folder.
Yes, thanks to the creator of this VM, I know I'm on the right path. Anyway, let's try the same thing for the jackinthebox pic: nothing found.
Let's try with the header.jpg picture.
Olaaa, the creds are here finally! You just have to cat the file.
Go go, motivating myself :)
After authentication in recovery.php:
When I first saw it, I was thinking of testing for command injection (get me a cmd).
Yes, now it's easy to get a reverse shell to explore the VM.
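A defender's view of the command-injection step above, as an added example that is not part of the original write-up: a small Python scan of web access logs for requests that carry an exec-style parameter such as `cmd`, or shell metacharacters in a query value. The log lines, the `/portal/index.php` path and the parameter-name list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (common log format); not taken from the room.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1605
10.0.0.5 - - [01/Jan/2024:10:00:09 +0000] "GET /recovery.php HTTP/1.1" 200 943
10.0.0.5 - - [01/Jan/2024:10:02:30 +0000] "GET /portal/index.php?cmd=whoami HTTP/1.1" 200 57
10.0.0.5 - - [01/Jan/2024:10:02:41 +0000] "GET /portal/index.php?cmd=ls%20%2Fhome%3B%20id HTTP/1.1" 200 88
10.0.0.7 - - [01/Jan/2024:10:03:02 +0000] "GET /search.php?q=jack%20of%20all%20trades HTTP/1.1" 200 300
10.0.0.7 - - [01/Jan/2024:10:03:10 +0000] "GET /search.php?q=a%7Cid HTTP/1.1" 200 300
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumed list of parameter names that suggest a value is handed to a shell.
EXEC_PARAM_NAMES = {"cmd", "exec", "command", "run"}
# Shell separators, command substitution, and paths rarely seen in normal input.
SHELL_META = re.compile(r"[;|&`]|\$\(|/bin/|/etc/")


def find_command_params(log_text):
    """Return (ip, path, param, decoded_value, reasons) for suspicious requests."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target, _status = m.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes values, so encoded metacharacters are seen.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            reasons = []
            if name.lower() in EXEC_PARAM_NAMES:
                reasons.append("exec-style parameter name")
            if SHELL_META.search(value):
                reasons.append("shell metacharacters in value")
            if reasons:
                findings.append((ip, url.path, name, value, reasons))
    return findings


if __name__ == "__main__":
    for finding in find_command_params(SAMPLE_LOG):
        print(finding)
```

This only sees parameters sent in the URL; values sent in a POST body do not appear in a standard access log and need application-level logging.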
I'm in the server; let's move directly to the home folder.
Yes, some passwords of Jack. It's time to brute-force :)
After using this list in Hydra, I found the necessary password for SSH access.
In the user folder /home/jack I found the user.jpg picture.
The picture downloaded to my machine:
So let's move to root: sudo -l gave no result, so move on to SUID files.
After that, I noticed that root and jack are in the same group Dev (I used linenum.sh).
So it's easy now: GTFOBins, and the flag is finally found.
Yeees, finished it!
Thank you for visiting my blog; don't forget to leave me a comment.
Kind regards
AbdelMouhine Bouaouda


















