Thompson

May 16, 2021•138 words

Thompson - THM

This is an easy machine, fairly straightforward. Scan thoroughly as usual. Navigating to the port running an HTTP web server reveals an Apache version.

Look for default credentials, try the first couple of them, should not be too hard.

Once you have access to the manager application, there is both a manual way to exploit it (you can upload WAR files, search on Google for a step by step procedure to exploit this) and a metasploit module ready for you to use. This gives you shell access to the machine. Go find the user.txt flag, and once you have found it don't look too far. There is an interesting executable close by. Look for cron jobs (the ones listed in /etc/crontab) and modify the script you found accordingly to your needs, you should be root in no time.

👍❤️🫶👏👌🤯🤔😂😍😭😢😡😮

Subscribe to the author

You'll only receive email when they publish something new.

More from emacab98
All posts

Joker

May 12, 2021•364 words

HA Joker CTF - THM Run your favourite scan, there should be three ports open on this machine. At first, port 80 is the only viable option (the others are SSH and a web server on 8080 that requires a password). If you are a Batman fan, take the time to check out all the quotes, including the ones in the source code. They are pointless CTF-wise, but they are awesome. Find the secret directory using a buster (add common extensions so you are sure not to miss it, as I did). That file gives you a us...

Read post

Dav

May 18, 2021•189 words

DAV - THM Only one port open, so we better scan it thoroughly. A simple directory bust will reveal a directory that requires HTTP basic authentication, besides revealing the obvious service running on it. Default credentials are in place, so gaining access isn't all that difficult. In the file system shown there is a username and its hash, which are just the credentials you used to log (not sure, didn't crack the hash). With credentials for a webdav service, turn to the cadaver client. Search o...

Read post

Thompson

Thompson - THM

More from emacab98All posts

Joker

Dav

More from emacab98
All posts