TryHackMe write-up: Source

Introduction

This is my write-up for TryHackMe’s Source Room. This is rated as Easy. Let’s see why.

Enumeration

Using nmap, I saw that this box is running SSH and Webmin.

Checking port 10000 on the browser, I found the Webmin login page:

Exploitation

I saw that Metasploit already had a number of available exploits for Webmin.

Given that the “Webmin password_change.cgi Backdoor” exploit module was the latest, I then checked if it was a viable candidate to use.

Given that the login credentials were not needed for this exploit to run, I decided to give it a try.

Turns out Webmin was already running as root. So upon exploitation, I already had root privileges!

Given that I already had root privs, I can easily get the keys.

--

--

--

I like breaking stuff.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Mina Bug Bounty Program

PARAMI- THE USER IS THE KING.

{UPDATE} Truck Driving Hack Free Resources Generator

Artificial Intelligence, Machine Learning, and Cybersecurity: A CISO’s Perspective

Bugzilla Free Download For Mac

WHAT CAN OPEN DATA DO FOR YOU?

10 Social Media Data Hacks, Schemes & Scams Threatening Your Brand

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
m0ndzon3

m0ndzon3

I like breaking stuff.

More from Medium

TryHackme: Overpass by NinjaJc01

Tryhackme Road writeup

TryHackMe-Gotta Catch’em All!(Pokemon)- Walkthrough by Subhadip Nag(MrL0s3r)