Revenge is a straight and simple room from Tryhackme lets have a first look . How its look like
the website is pretty basic with one login form we will come back on that part later before that lets enumerate what kinds of ports are open on the target IP address
from nmap scan results we have only two ports open one is 22 ssh and another one is 80 which ishttp now what ? i had already tried default password and sql injection auth bypass on the websiteso its a totally waste of the time don’t do that instead of that find the parameter and start performing sql injection with sqlmap let me show you how its done
here –dbs mean we r dumping the batabase and –batch means it will dump the database without askingabout any stupid yes or no prompt
and boom we get five database ignore all other database and lets dump the duckyinc database which i had allready marked
and we found the first flag after dumping the duckyinc database easy peassy till now
not only we found the first flag we also got some creeds for the users and their password hashes so lets decode it and logged in through ssh cuz ssh is already open on the target machine
and we found the password for the server-admin user $2a$08$GPh7KZcK2kNIQEm5byBj1umCQ79xP.zQe19hPoG/w2GoebUtPfT8a:inuyasha
now lets login through ssh using the username and password
and we r successfully logged in through ssh
and we got the flag 2
to root this machine just try shell escape by typing sudo -l
so here is the fun part we can easily Edit the Service File Using sudoedit to modify /etc/systemd/system/duckyinc.service
after editing the duckyinc.service start nc listener on port 443
to hit the reverse shell use sudo /bin/systemctl daemon-reload and then sudo /bin/systemctl restart duckyinc.service
now to get root flag we had to change the context of index.html like if you can pay close attention we r allready in a root directory but there is no root.txt flag
we had changed the context of index.html which is located in /var/www/duckyinc/templates/
room status Complete
Nice Blog ☺️
Thanks for this ,
Easy steps ⚡
Normally I do not learn post on blogs, but I wish to say that this write-up very forced me to take a look at and do so! Your writing taste has been amazed me. Thanks, very great article.