Thompson
May 16, 2021
Thompson - THM
This is an easy machine, fairly straightforward. Scan thoroughly as usual. Navigating to the port running an HTTP web server reveals an Apache version.
Look for default credentials and try the first couple of them; it should not be too hard.
Once you have access to the manager application, there is both a manual way to exploit it (you can upload WAR files; search on Google for a step-by-step procedure to exploit this) and a Metasploit module ready for you to use. This gives you shell access to the machine. Go find the user.txt flag, and once you have found it, don't look too far. There is an interesting executable close by. Look for cron jobs (the ones listed in /etc/crontab) and modify the script you found according to your needs; you should be root in no time.
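The last step works only because a job in /etc/crontab runs as root while its script can be changed by an unprivileged user. The check below is an added example, not part of the original write-up: it parses crontab text and reports every absolute path in a root job that a non-root account could alter. The sample crontab, its paths and the function names are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample in /etc/crontab format: five time fields, user, command.
SAMPLE_CRONTAB = """\
# m h dom mon dow user  command
17 *  * * *   root    cd / && run-parts --report /etc/cron.hourly
*  *  * * *   root    cd /home/svc && bash /home/svc/task.sh
30 2  * * *   backup  /usr/local/bin/backup.sh
"""

# A job line is "@keyword" or five time fields, then the user, then the command.
ENTRY = re.compile(r"^\s*(?:@\w+|(?:\S+\s+){4}\S+)\s+(\S+)\s+(.+)$")
ABS_PATH = re.compile(r"(?<![\w.])/[\w./+-]+")

def root_job_paths(crontab_text):
    """Yield (command, path) for each absolute path named in a root job."""
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)  # environment lines such as SHELL=... do not match
        if m and m.group(1) == "root":
            for path in ABS_PATH.findall(m.group(2)):
                yield m.group(2), path

def weakness(st):
    """Return why a non-root user could alter this file or directory, or None."""
    if st.st_uid != 0:
        return "owned by uid %d" % st.st_uid
    if st.st_mode & stat.S_IWOTH:
        return "world-writable"
    if st.st_mode & stat.S_IWGRP:
        return "group-writable"
    return None

def audit(crontab_text, stat_fn=os.stat):
    """Return (path, reason, command) for every root job path that is exposed."""
    findings = []
    for command, path in root_job_paths(crontab_text):
        try:
            reason = weakness(stat_fn(path))
        except OSError:
            continue  # path is not present on this host
        if reason:
            findings.append((path, reason, command))
    return findings
```

On a real host, call `audit(open("/etc/crontab").read())`; a directory in the results matters as much as a file, because whoever can write to the directory can replace the script inside it.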