Tryhackme

TryHackMe - Steel Mountain by Kurrupt68

May 3, 2022 | Reading Time: 5 min

tryhackme
CVE
metasploit
windows

Hack into a Mr. Robot themed Windows machine.

Another day to root a box, let’s get to it.

Enumeration

Started with rustscan to get a list of open ports and then passed those ports to an nmap command; I chose rustscan for its amazing speed.

 ⚡ root@kali ❯ rustscan 10.10.63.218

     _____           _    _____                 
    |  __ \         | |  / ____|                
    | |__) |   _ ___| |_| (___   ___ __ _ _ __  
    |  _  / | | / __| __|\___ \ / __/ _` | '_ \ 
    | | \ \ |_| \__ \ |_ ____) | (_| (_| | | | |
    |_|  \_\__,_|___/\__|_____/ \___\__,_|_| |_|
    Faster nmap scanning with rust. 
 Automated Decryption Tool - https://github.com/ciphey/ciphey 
 Creator https://github.com/brandonskerritt
49152 open
49153 open
49154 open
3389 open
80 open
445 open
53730 open
5723 open
5985 open
6100 open

Once rustscan completes, an nmap scan starts against the open ports to discover the services running on them.


TryHackMe - Gallery by Kurrupt68

February 19, 2022 | Reading Time: 5 min

tryhackme
sqli
rce
linux

Try to exploit our image gallery system.

Alright, let’s get to it.

Enumeration

Started with an nmap scan to help identify open ports and services.

⚡ ~/tryhackme/Gallery ❯  nmap -sS -sV -A 10.10.67.206
Starting Nmap 7.91 ( https://nmap.org ) at 2022-02-20 16:55 MST
Nmap scan report for 10.10.67.206
Host is up (0.18s latency).
Not shown: 998 closed ports
PORT     STATE SERVICE VERSION
80/tcp   open  http    Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
8080/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))
| http-cookie-flags: 
|   /: 
|     PHPSESSID: 
|_      httponly flag not set
| http-open-proxy: Potentially OPEN proxy.
|_Methods supported:CONNECTION
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Simple Image Gallery System

Network Distance: 2 hops

TRACEROUTE (using port 199/tcp)
HOP RTT       ADDRESS
1   190.15 ms 10.9.0.1
2   190.12 ms 10.10.67.206

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 34.61 seconds

Hmm, two ports seem to be open and running HTTP services. Heading over to port 80 shows the Apache2 Ubuntu Default Page; checking port 8080 revealed some sort of Content Management System login page at /gallery/login.php.
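The scan above already contains a defender-relevant finding: the http-cookie-flags NSE script reports that the PHPSESSID session cookie on port 8080 is set without the httponly flag, which is a session-hardening fix for the application owner. As an added example (not the author's code), the following parses nmap's normal output format as printed above into a per-port record and extracts those cookie-flag findings from the NSE script lines; the only input is a trimmed sample of that output embedded inline.

```python
import re

# Constructed sample: the port table from the nmap -sS -sV -A output above (trimmed).
NMAP_OUTPUT = """\
PORT     STATE SERVICE VERSION
80/tcp   open  http    Apache httpd 2.4.29 ((Ubuntu))
|_http-title: Apache2 Ubuntu Default Page: It works
8080/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))
| http-cookie-flags: 
|   /: 
|     PHPSESSID: 
|_      httponly flag not set
| http-open-proxy: Potentially OPEN proxy.
|_Methods supported:CONNECTION
|_http-title: Simple Image Gallery System
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_nmap(text):
    """Parse nmap normal output into {port: {...}}, keeping NSE script lines per port."""
    ports, current = {}, None
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            current = ports[int(m.group(1))] = {
                "proto": m.group(2), "state": m.group(3), "service": m.group(4),
                "version": m.group(5).strip(), "scripts": []}
        elif current is not None and line.startswith("|"):
            # "| " and "|_" prefix script output; drop the 2-char prefix, keep indentation
            current["scripts"].append(line[2:].rstrip())
    return ports

def cookie_flag_findings(ports):
    """Return (port, cookie, issue) triples from http-cookie-flags script output."""
    findings = []
    for port, info in ports.items():
        in_block, cookie = False, None
        for s in info["scripts"]:
            if not s.startswith(" "):        # a new NSE script section starts here
                in_block = s.startswith("http-cookie-flags")
                continue
            item = s.strip()
            if in_block and item.endswith(":") and not item.startswith("/"):
                cookie = item[:-1]           # cookie name, e.g. "PHPSESSID"
            elif in_block and "flag not set" in item:
                findings.append((port, cookie, item))
    return findings
```

Running `cookie_flag_findings(parse_nmap(NMAP_OUTPUT))` on the sample yields a single finding for PHPSESSID on port 8080; the same parser works on any nmap normal-output file saved with -oN.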