Writeups
CTF, TryHackMe, and Hack The Box writeups
-
TryHackMe: Breaking Into Steel Mountain: A Quick Windows Exploitation Run
Read MoreI knocked out TryHackMe’s Steel Mountain challenge this weekend. It’s a straightforward Windows box that hits the classic privilege escalation vectors you’d expect from an older Windows Server system.
The Initial Foothold
My nmap scan revealed a Windows Server 2008 R2 - 2012 machine with the usual suspects. Port 80 was hosting Microsoft IIS 8.5, and port 8080 was running HttpFileServer (HFS) version 2.3.
1 2 3 4 5PORT STATE SERVICE VERSION 80/tcp open http Microsoft IIS httpd 8.5 8080/tcp open http HttpFileServer httpd 2.3 3389/tcp open ssl/ms-wbt-server? 445/tcp open microsoft-ds Microsoft Windows Server 2008 R2 - 2012HFS 2.3 has a well-known RCE vulnerability, so that was my entry point. Got initial access as user Bill without much fuss.
-
TryHackMe: Exploiting Joomla 3.7.0: Daily Bugle Walkthrough
Read MoreDaily Bugle turned out to be a straightforward box that demonstrates classic Joomla exploitation and privilege escalation via yum. The machine runs CentOS with a vulnerable Joomla instance that makes for quick initial access.
Enumeration
The nmap scan showed three open ports. SSH on 22, HTTP on 80, and MySQL on 3306, though the database was rejecting external connections.
1 2 3 4 5 6 7PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.4 (protocol 2.0) 80/tcp open http Apache httpd 2.4.6 ((CentOS) PHP/5.6.40) |_http-generator: Joomla! - Open Source Content Management | http-robots.txt: 15 disallowed entries | /joomla/administrator/ /administrator/ /bin/ /cache/ 3306/tcp open mysql MariaDB (unauthorized)The HTTP generator tag immediately identified Joomla, and the robots.txt file confirmed an /administrator directory. Browsing to the site showed a Daily Bugle themed page with an article claiming Spider-Man robbed a bank.
No posts found
Try different search terms.