Advent of Cyber 2022| [Day9]| TryHackMe write-up
Learning Objectives
- Using Metasploit modules and Meterpreter to compromise systems
- Network Pivoting
- Post exploitation
Concepts
What is Docker?
Docker is a way to package applications, and the associated dependencies into a single unit called an image. This image can then be shared and run as a container, either locally as a developer or remotely on a production server. Santa’s web application and database are running in Docker containers, but only the web application is directly available via an exposed port. A common way to tell if a compromised application is running in a Docker container is to verify the existence of a /.dockerenv file at the root directory of the filesystem.
What is Metasploit?
Metasploit is a powerful penetration testing tool for gaining initial access to systems, performing post-exploitation, and pivoting to other applications and systems. Metasploit is free, open-source software owned by the US-based cybersecurity firm Rapid7.
What is a Metasploit session?
After successfully exploiting a remote target with a Metasploit module, a session is often opened by default. These sessions are often Command Shells or Meterpreter sessions, which allow for executing commands against the target. It’s also possible to open up other session types in Metasploit, such as SSH or WinRM — which do not require payloads.
Question:- 1) Deploy the attached VM, and wait a few minutes. What ports are open?
Answer:- 80
2) What framework is the web application developed with?
Answer:-laravel
3) What CVE is the application vulnerable to?
Answer:-CVE-2021–3129
4) What command can be used to upgrade the last opened session to a Meterpreter session?
Answer:-sessions -u -1
5)What file indicates a session has been opened within a Docker container?
Answer:-/.dockerenv
6) What file often contains useful credentials for web applications?
Answer:-.env
7) What database table contains useful credentials?
Answer:-users
8) What is Santa’s password?
Answer:-p4$$w0rd
9) What ports are open on the host machine?
Answer:-22,80
10) What is the root flag?
Answer:-THM{47C61A0FA8738BA77308A8A600F88E8B}
Follow me on Medium and stay tuned for more write-ups.
