
It is the 1st of April and it’s Tuesday, my dudes.
It’s time for more THM!
Today we start off on the room Basic Pentesting!
The aim of today is to try and finish off the last remaining rooms on the ‘Complete Beginner’ pathway, which includes Basic Pentesting, Kenobi and Steel Mountain, and then we will be done with this old content.
‘Basic Pentesting’

‘Kenobi’

‘Steel Mountain’

Right, on to Basic Pentesting!




http://10.10.100.226/

http://10.10.100.226:8080/



http://10.10.100.226/development/

http://10.10.100.226/development/j.txt

http://10.10.100.226/development/dev.txt

Apache Struts 2.5.12 – https://www.exploit-db.com/exploits/42627 ??
msfconsole didn’t find a lot; need to try something different.




Users – Jan & Kay

Password – armando












Kay’s Password – beeswax




Password/Flag – heresareallystrongpasswordthatfollowsthepasswordpolicy$$


Quite a good room. I was overthinking a lot and trying to do more than was required, whereas I just needed to keep it simple; however, I was in the right place (most of the time) when it came to getting the right vectors of attack etc.
Next, we move on to the Kenobi module on THM!














User Flag – d0b0f3f53b6caa532a83915e19224899





Root Flag – 177b3cd8562289f37382721c28381f02







Lastly, we move on to the Steel Mountain (Mr Robot) module!

http://10.10.151.191/


http://10.10.151.191:8080/







User Flag – b04763b6fcf51fcd7c13abc7db4fd365
https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1







This didn’t work so nc



Root Flag – 9af5f314f57607c00fd09803a587db80




Until next time & don’t sleepwalk through life!
Arrivederci
