TryHackMe write-up: Poster

Introduction

This is my write-up for TryHackMe’s Poster Room

Enumeration

Using nmap, I saw that this box has several ports open.

Using metasploit, I was able to get both the database user and password.

Using the credentials found, I was able to get the database version, a dump of the database user hashes and more. Below is a screenshot of the database version:

Exploitation

Still using Metasploit, I used an exploit module to get a reverse shell.

Running the exploit module, I was able to get a shell and get credentials for 1 user.

Using the credentials found, I then used SSH to connect to the target. I then found a config file which contained credentials for the 2nd user.

Using this set of credentials, I then ran “su” as the second user. I was then able to see the contents of the user.txt file.

Privilege Escalation

It turns out, this 2nd user had SUDO privileges. I was then able to access root.txt using this.

--

--

--

I like breaking stuff.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Security reminder from Poloniex

DeCredit Weekly Report(July5th — July 11th,2021)

Lost Token

Ledger Nano Guide #4:

How to Unlock LG Phone without Google Account

Hiding in Plain Sight || Part 2

{UPDATE} Don't Fall! Human Flat Gang 3D Hack Free Resources Generator

{UPDATE} Trump Up: Challenge Edition 2016 Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
m0ndzon3

m0ndzon3

I like breaking stuff.

More from Medium

TryHackMe: Net Sec Challenge

Road — TryHackMe

TryHackMe: Internal

TryHackMe: Mr. Robot CTF Writeup