TryHackMe — Vulnversity

Task 1

1-)Deploy the machine

No Answer Needed

Task 2

1-)There are many nmap “cheatsheets” online that you can use too.

No Answer Needed

2-)Scan the box, how many ports are open?

6

3-)What version of the squid proxy is running on the machine?

3.5.12

4-)How many ports will nmap scan if the flag -p-400 was used?

400

5-)Using the nmap flag -n what will it not resolve?

DNS

6-)What is the most likely operating system this machine is running?

Ubuntu

7-)What port is the web server running on?

3333

8-)Its important to ensure you are always doing your reconnaissance thoroughly before progressing. Knowing all open services (which can all be points of exploitation) is very important, don’t forget that ports on a higher range might be open so always scan ports after 1000 (even if you leave scanning in the background)

No Answer Needed

Task 3

1-)Now lets run GoBuster with a wordlist: gobuster dir -u http://<ip>:3333 -w <word list location>

No Answer Needed

2-)What is the directory that has an upload form page?

internal

Task 4

1-) Try upload a few file types to the server, what common extension seems to be blocked?

.php

2-)To identify which extensions are not blocked, we’re going to fuzz the upload form.

No Answer Needed

3-)Run this attack, what extension is allowed?

.phtml

4-)Download the following reverse PHP shell here.

No Answer Needed

5-)What is the name of the user who manages the webserver?

bill

6-)What is the user flag?

8bd7992fbe8a6ad22a63361004cfcedb

Task 5

1-)On the system, search for all SUID files. What file stands out?

find / -user root -perm -4000 -exec ls -ldb {} \;

/bin/systemctl

2-)Its challenge time! We have guided you through this far, are you able to exploit this system further to escalate your privileges and get the final answer?

Become root and get the last flag (/root/root.txt)

a58ff8579f0a9270368d33a9966c7fd5

Cyber Security Analyst