Introduction
This is my write-up for TryHackMe's Poster Room.
Enumeration
Using nmap, I saw that this box has several ports open.
Using Metasploit, I was able to get both the database user and password.
Using the credentials found, I was able to get the database version, a dump of the database user hashes and more. Below is a screenshot of the database version:
Exploitation
Still using Metasploit, I used an exploit module to get a reverse shell.
Running the exploit module, I was able to get a shell and get credentials for 1 user.
Using the credentials found, I then used SSH to connect to the target. I then found a config file which contained credentials for the 2nd user.
Privilege Escalation
It turns out this 2nd user had sudo privileges. I was then able to access root.txt using this.