TryHackMe write-up: Source

Introduction

This is my write-up for TryHackMe's Source Room.  This is rated as Easy.  Let's see why.

Enumeration

Using nmap, I saw that this box is running SSH and Webmin.


Checking port 10000 in the browser, I found the Webmin login page:



Exploitation

I saw that Metasploit already had a number of available exploits for Webmin.


Given that the "Webmin password_change.cgi Backdoor" exploit module was the latest, I then checked if it was a viable candidate to use.


Given that the login credentials were not needed for this exploit to run, I decided to give it a try.
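
A defender-side check for the activity described above, added here as an example and not part of the original write-up: it scans web access log lines for POST requests to password_change.cgi that carry no authenticated user, since the module needed no credentials. The Common Log Format layout and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed Common Log Format: host ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
TARGET = "/password_change.cgi"

def find_unauthenticated_posts(lines):
    """Return {host: [(time, status), ...]} for POSTs to TARGET with no logged user."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guess
        path = m["path"].split("?", 1)[0].lower()
        if m["method"] == "POST" and path.endswith(TARGET) and m["user"] == "-":
            hits[m["host"]].append((m["time"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation addresses, not taken from the room).
SAMPLE_LOG = [
    '192.0.2.10 - root [01/Jan/2024:10:00:01 +0000] "GET /sysinfo.cgi HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:02:13 +0000] "GET / HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2024:10:02:15 +0000] "POST /password_change.cgi HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:02:19 +0000] "POST /password_change.cgi HTTP/1.1" 200 498',
    '192.0.2.10 - root [01/Jan/2024:10:05:00 +0000] "POST /session_login.cgi HTTP/1.1" 302 0',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for host, events in find_unauthenticated_posts(SAMPLE_LOG).items():
        print(f"{host}: {len(events)} unauthenticated POST(s) to {TARGET}")
        for when, status in events:
            print(f"  {when} -> HTTP {status}")
```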


Turns out Webmin was already running as root.  So upon exploitation, I already had root privileges!

Given that I already had root privs, I could easily get the keys.

