TryHackMe write-up: Poster

Introduction

This is my write-up for TryHackMe’s Poster room.

Enumeration

Using nmap, I saw that this box has several ports open.

Using Metasploit, I was able to get both the database user and password.

Using the credentials found, I was able to get the database version, a dump of the database user hashes and more. Below is a screenshot of the database version:

Exploitation

Still using Metasploit, I used an exploit module to get a reverse shell.

Running the exploit module, I was able to get a shell and get credentials for 1 user.

Using the credentials found, I then used SSH to connect to the target. I then found a config file which contained credentials for the 2nd user.

Using this set of credentials, I then ran “su” as the second user. I was then able to see the contents of the user.txt file.

Privilege Escalation

It turns out this 2nd user had sudo privileges. I was then able to access root.txt using this.


I like breaking stuff.

m0ndzon3
