Description Plattform: TryHackMeLink: https://tryhackme.com/room/dailybugleDifficulty: Hard 🟠 Enumeration NMAP Exploit CVE-2017-8917 The running Joomla CMS seems to be vulnerabile against the CVE-2017-8917 which is an SQLi vulnerability. On Github an working exploit can be found: https://github.com/stefanlucas/Exploit-Joomla Equipped with the exploit, one can exfiltrate superuser access credentials. The hash can be cracked easily with hashcat or john. …
You can find the training room here. At the beginning as usal we try to get as much information as we can from the target. For this we are using NMAP and Fuzz. As result we get some interesting folders and the open ports on the system. Sadly no open FTP but three different ports …
You can find the training room here. As usual first run our basic recon scans Nmap and fuzz to get more information about the target and the services which are running. Great we found an open FTP, SSH and open Apache port, lets see if there is something to find on web address… Hmmm no …
You can find the training room here. We run our basic scans to find open ports and directories on the target. We found a open SSH port (22) and a open port for Apache (80). Sadly the address only shows the default page of the Apache webserver. Fuzz found something more interesting, an content folder, …
You can find the room here. First of all we run nmap and scan for open ports and services. I also tried a directory scan with gobuster but it cant get a connection to the side, with fuzz all worked fine so I went there forward. When we browse to the .git page we can …
It says follow the white rabbit, so lets go. Looking around the website while checking the sourcecode we found the directory for the pictures. Lets move to this and check if there is something usefull to find. Just some pictures, but this hint’s that there must be some more pages on the website. So we …
First of all, we run our basic scans to check for open ports and directories on our target. While this scans run we have a look at the web-page, but there is nothing interesting to find. Nmap found some open ports, so let’s try if we can log in with some default credentials. SSH doesn’t …
This room has took me some time and I noticed that my solution is a little bit different to the other writeups about this room, so feel free to check my solution. First of all we have to check the IP in our browser if there is a website where we can get some information …